VMware Cloud on AWS GovCloud (US) 服務

SaaS services
Español 繁體中文

Manage Distributed Firewall Rules

Traffic attempting to pass through the firewall is subjected to the rules in the order shown in the
ALL RULES
.
The order of distributed firewall rules in the
ALL RULES
 list is the union of the ordered list of policies and the ordered list of rules in each policy. You can reorder the distributed firewall sections and rules within a section. You can also edit existing distributed firewall configuration, delete, or clone a firewall rule or section.
  1. Log in to the
    VMware Cloud on AWS GovCloud
     at https://www.vmc-us-gov.vmware.com/.
  2. Select
    Networking & Security
    Distributed Firewall
    .
  3. Modify policy settings.
    Click the vertical ellipsis button at the beginning of the policy row to take bulk actions, which affect all rules in the policy. You cannot modify these settings if the policy includes any rules.
  4. Reorder policies.
    A policy created from the
    ADD POLICY
     button is placed at the top of the list of policies. Firewall rules in each policy are applied in policy order from top to bottom. To change the position of a policy (and all the rules it contains) in the list, select it and drag it to a new position. Click
    PUBLISH
     to publish the change.
  5. Clone or copy a rule.
    Click the vertical ellipsis button at the beginning of the rule row.
    • Clone Rule
       to make a copy of the rule in this policy.
    • Copy Rule
       to make a copy of the rule that you can add to another policy.
  6. Add or delete a rule.
    Click the vertical ellipsis button at the beginning of the rule row.
    • Add Rule
       to add a rule in this policy.
    • Delete Rule
       to delete the rule from this policy.
  7. Save or view distributed firewall configurations.
    Distributed firewall configurations in
    VMware Cloud on AWS GovCloud
     are similar to the Firewall Drafts feature of on-premises NSX-T. Click
    ACTIONS
    Configurations
    View
     to view a list of saved configurations. Click
    ACTIONS
    Configurations
    Save
     to save the current configuration. Configurations are auto-saved by default. Click
    ACTIONS
    Settings
    General Settings
     to disable
    Auto Save Drafts
    .
  8. Configure Identity Firewall settings
    This option is available if you have enabled NSX Advanced Firewall features. Before you can use this feature, you have to enable it and apply it to one or more SDDC clusters.
    1. On the
      Distributed Firewall
       tab, click
      ACTIONS
      Settings
      General Settings
       and toggle
      Identity Firewall Status
       to
      Enable
      .
    2. Click the
      Identity Firewall Settings
       tab and choose the SDDC clusters where you want to enable this feature.

Content feedback and comments