To enable classic firewalls in the UI, administrators should set the client configuration property.
Users work with classic firewalls at the public cloud region level. The platform does not associate classic firewalls with virtual datacenters or with VMs. This means that when you onboard virtual resources, you must onboard classic firewalls in addition to virtual datacenters.
To onboard classic firewalls:
To synchronize a firewall that you onboarded earlier, click the synchronize double-arrow button beside the firewall name.
Change the name and description as required, then click Save.
To view the provider ID of a classic firewall, edit the firewall.
The platform will maintain the rules in order with no gaps.
To change the order of rules, click the pencil edit button beside a sequence number, then enter a new sequence number and click "ok". The platform will move the other rules to fit around the changed rule.
For example, to move a rule from position 1 to position 2, enter 2 and click "ok".
The platform will now move the rule that was in position 2 to position 1.
The last rule in the sequence is the default rule in the Edge. In vCloud Director, if you disable the default rule, this will disable the firewall service in the Edge. The rules will still exist in the Edge, but they will not be active.
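The ordering and default-rule behaviour described above, modelled as an added Python example (not the platform's code or API). The `Rule` class, the function names and the sample rules are hypothetical and constructed for illustration; the example shows that a reorder can change which rule is last, and therefore whether the firewall service stays active.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # hypothetical model, not a platform object
    name: str
    action: str                  # "Allow" or "Deny"
    enabled: bool = True

def move_rule(rules, old_seq, new_seq):
    """Move the rule at 1-based old_seq to new_seq; the others shift to fit."""
    n = len(rules)
    if not (1 <= old_seq <= n and 1 <= new_seq <= n):
        raise ValueError(f"sequence numbers must be within 1..{n}")
    out = list(rules)
    out.insert(new_seq - 1, out.pop(old_seq - 1))
    return out                   # list index + 1 is the sequence: no gaps

def add_rule(rules, rule, seq):
    """Create a rule at an existing sequence number, or at the end."""
    if not 1 <= seq <= len(rules) + 1:
        raise ValueError(f"sequence must be within 1..{len(rules) + 1}")
    out = list(rules)
    out.insert(seq - 1, rule)
    return out

def audit(rules):
    """Flag the state where rules exist in the Edge but are not applied."""
    if rules and not rules[-1].enabled:
        return [f"default rule '{rules[-1].name}' (sequence {len(rules)}) is "
                f"disabled: firewall service is off, {len(rules)} rules inactive"]
    return []

# Constructed sample rule set: the last rule is the default rule.
SAMPLE = [Rule("allow-ssh", "Allow"),
          Rule("old-web", "Allow", enabled=False),
          Rule("deny-all", "Deny")]

if __name__ == "__main__":
    # Position 1 -> 2: the rule that was in position 2 moves to position 1.
    print([r.name for r in move_rule(SAMPLE, 1, 2)])
    # Moving the default rule up leaves a disabled rule in the last position.
    print(audit(SAMPLE), audit(move_rule(SAMPLE, 3, 1)))
```

Running the audit after every reorder or rule creation catches the case where a disabled rule ends up in the last position.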
To create a firewall rule, click the Add + button and complete the following dialog.
|Sequence||Position in the order of evaluation of rules, which is from lowest to highest. You should create rules using existing sequence numbers. The platform will reorder the rules to fit around the new rule. If you create a new rule at the end of the sequence, then it will be the default rule. If you disable the default rule, then the platform will disable the firewall in the Edge.|
|Protocol||Optionally select from the list of common protocols|
|Source ports||The firewall rule will apply to this inclusive range of ports|
|Source||Source can be in the following formats: IP address, CIDR, IP range, 'any', 'internal', and 'external'|
|Destination ports||The firewall rule will apply to this inclusive range of ports|
|Destination||Destination can be in the following formats: IP address, CIDR, IP range, 'any', 'internal', and 'external'|
|Action||Select "Allow" or "Deny".|
|Logged||Optional. Select to use logging.|
|Enabled||Select to enable the rule. If this rule is in the last position, then it is the default rule. If you disable the default rule, then you will disable the firewall in the Edge. The rules will still be present, but the Edge will not apply them.|