Manage Distributed Firewall Rules

Traffic attempting to pass through the firewall is subjected to the rules in the order shown in the ALL RULES list: rules are evaluated from top to bottom, and the first rule that matches the traffic determines the action.
The order of distributed firewall rules in the ALL RULES list is the union of the ordered list of policies and the ordered list of rules in each policy; that is, policies are applied from top to bottom, and within each policy its rules are applied from top to bottom. You can reorder the distributed firewall policies (sections) and the rules within a policy. You can also edit the existing distributed firewall configuration, and delete or clone a firewall rule or policy.
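As an added worked illustration of the ordering described above (not code from this page or from VMware), the following Python models policies and rules, flattens them into the ALL RULES order, and evaluates a flow with first-match semantics. The data model, the match logic, the sample policies and the catch-all default rule are constructed assumptions for the illustration, not the NSX API; the point it demonstrates is that dragging a policy, or adding a new one at the top of the list, can change the verdict for the same traffic.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    """One distributed firewall rule. 'any' in a list matches everything."""
    name: str
    sources: list        # CIDR strings or "any"
    destinations: list   # CIDR strings or "any"
    services: list       # "tcp/443"-style strings or "any"
    action: str          # "ALLOW" or "DROP"


@dataclass
class Policy:
    """An ordered group of rules (a section in NSX-T terms)."""
    name: str
    rules: list = field(default_factory=list)


def all_rules(policies):
    """Flatten the ordered policies into the ALL RULES order: policy order
    first, then rule order within each policy."""
    return [(policy.name, rule) for policy in policies for rule in policy.rules]


def _net_match(entries, ip):
    return "any" in entries or any(ip_address(ip) in ip_network(cidr) for cidr in entries)


def _svc_match(entries, proto, port):
    return "any" in entries or f"{proto}/{port}" in entries


def evaluate(policies, src, dst, proto, port):
    """Return (policy_name, rule_name, action) of the first matching rule in
    ALL RULES order, or None if no rule matches (first match wins)."""
    for policy_name, rule in all_rules(policies):
        if (_net_match(rule.sources, src)
                and _net_match(rule.destinations, dst)
                and _svc_match(rule.services, proto, port)):
            return policy_name, rule.name, rule.action
    return None


def add_policy(policies, policy):
    """Model ADD POLICY: the new policy lands at the top of the list."""
    policies.insert(0, policy)


def move_policy(policies, name, new_index):
    """Model dragging a policy (with all of its rules) to a new position."""
    policy = next(p for p in policies if p.name == name)
    policies.remove(policy)
    policies.insert(new_index, policy)


def sample_policies():
    """Constructed sample data (assumed, not from the page); catch-all policy last."""
    return [
        Policy("Web-Allow", [Rule("allow-https", ["any"], ["10.0.1.0/24"], ["tcp/443"], "ALLOW")]),
        Policy("Quarantine", [Rule("drop-quarantined", ["10.0.5.0/24"], ["any"], ["any"], "DROP")]),
        Policy("Default", [Rule("default-rule", ["any"], ["any"], ["any"], "ALLOW")]),
    ]


def quarantine_outcomes():
    """Evaluate the same flow before and after the Quarantine policy is
    dragged above Web-Allow; return the two actions."""
    policies = sample_policies()
    flow = ("10.0.5.7", "10.0.1.10", "tcp", 443)   # quarantined host -> web tier
    before = evaluate(policies, *flow)[2]          # Web-Allow matches first
    move_policy(policies, "Quarantine", 0)         # drag Quarantine to the top
    after = evaluate(policies, *flow)[2]           # Quarantine now matches first
    return before, after


if __name__ == "__main__":
    print(quarantine_outcomes())  # ('ALLOW', 'DROP')
```

Because ADD POLICY places a new policy at the top, its rules take precedence over everything already published; evaluating a few representative flows against the intended order before you click PUBLISH is a cheap way to catch a drop rule that was meant to sit below an allow, or the reverse.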
  1. Log in to the VMware Cloud on AWS GovCloud console at https://www.vmc-us-gov.vmware.com/.
  2. Select Networking & Security > Distributed Firewall.
  3. Modify policy settings.
    Click the vertical ellipsis button at the beginning of the policy row to take bulk actions, which affect all rules in the policy. You cannot modify these settings if the policy includes any rules.
  4. Reorder policies.
    A policy created with the ADD POLICY button is placed at the top of the list of policies, so its rules are evaluated before the rules of every existing policy. Firewall rules in each policy are applied in policy order from top to bottom. To change the position of a policy (and all the rules it contains) in the list, select it and drag it to a new position. Click PUBLISH to publish the change.
  5. Clone or copy a rule.
    Click the vertical ellipsis button at the beginning of the rule row.
    • Clone Rule to make a copy of the rule in this policy.
    • Copy Rule to make a copy of the rule that you can add to another policy.
  6. Add or delete a rule.
    Click the vertical ellipsis button at the beginning of the rule row.
    • Add Rule to add a rule in this policy.
    • Delete Rule to delete the rule from this policy.
  7. Save or view distributed firewall configurations.
    Distributed firewall configurations in VMware Cloud on AWS GovCloud are similar to the Firewall Drafts feature of on-premises NSX-T. Click ACTIONS > Configurations > View to view a list of saved configurations. Click ACTIONS > Configurations > Save to save the current configuration. Configurations are auto-saved by default. Click ACTIONS > Settings > General Settings to disable Auto Save Drafts.
  8. Configure Identity Firewall settings.
    This option is available if you have enabled NSX Advanced Firewall features. Before you can use this feature, you have to enable it and apply it to one or more SDDC clusters.
    1. On the Distributed Firewall tab, click ACTIONS > Settings > General Settings and toggle Identity Firewall Status to Enable.
    2. Click the Identity Firewall Settings tab and choose the SDDC clusters where you want to enable this feature.