Manage Distributed Firewall Rules
Traffic attempting to pass through the firewall is subjected to the rules in the order shown in the ALL RULES list. The order of distributed firewall rules in the ALL RULES list is the union of the ordered list of policies and the ordered list of rules in each policy. You can reorder the distributed firewall sections and the rules within a section. You can also edit an existing distributed firewall configuration, and delete or clone a firewall rule or section.

- Log in to the VMware Cloud on AWS GovCloud at https://www.vmc-us-gov.vmware.com/.
- Select.
- Modify policy settings. Click the vertical ellipsis button at the beginning of the policy row to take bulk actions, which affect all rules in the policy. You cannot modify these settings if the policy includes any rules.
- Reorder policies. A policy created from the ADD POLICY button is placed at the top of the list of policies. Firewall rules in each policy are applied in policy order from top to bottom. To change the position of a policy (and all the rules it contains) in the list, select it and drag it to a new position. Click PUBLISH to publish the change.
- Clone or copy a rule. Click the vertical ellipsis button at the beginning of the rule row.
  - Clone Rule to make a copy of the rule in this policy.
  - Copy Rule to make a copy of the rule that you can add to another policy.
- Add or delete a rule. Click the vertical ellipsis button at the beginning of the rule row.
  - Add Rule to add a rule in this policy.
  - Delete Rule to delete the rule from this policy.
- Save or view distributed firewall configurations. Distributed firewall configurations in VMware Cloud on AWS GovCloud are similar to the Firewall Drafts feature of on-premises NSX-T. Click to view a list of saved configurations. Click to save the current configuration. Configurations are auto-saved by default. Click to disable Auto Save Drafts.
- Configure Identity Firewall settings. This option is available if you have enabled NSX Advanced Firewall features. Before you can use this feature, you have to enable it and apply it to one or more SDDC clusters.
  - On the Distributed Firewall tab, click and toggle Identity Firewall Status to Enable.
  - Click the Identity Firewall Settings tab and choose the SDDC clusters where you want to enable this feature.
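
Because the ALL RULES order is the policy list from top to bottom with each policy's rules in order, dragging a policy to a new position can change which rule a flow hits. The following added example is not VMware code: it uses a hypothetical Rule model and constructed policies, assumes the first matching rule decides, and reports rules that an earlier rule fully covers.

```python
# Added illustration. Rule and the policy tuples are a hypothetical model, not the NSX API.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None means any port
    action: str           # "ALLOW" or "DROP"

def all_rules(policies):
    """Flatten (policy_name, rules) pairs, top to bottom, into ALL RULES order."""
    return [(pname, r) for pname, rules in policies for r in rules]

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.port is None or a.port == b.port))

def shadowed(policies):
    """(rule, earlier rule) pairs where the earlier rule always matches first."""
    flat, found = all_rules(policies), []
    for i, (pname, r) in enumerate(flat):
        for qname, earlier in flat[:i]:
            if covers(earlier, r):
                found.append((f"{pname}/{r.name}", f"{qname}/{earlier.name}"))
                break
    return found

def verdict(policies, src, dst, port, default="DROP"):
    """Action of the first matching rule (assumed semantics); default is an assumption."""
    for _, r in all_rules(policies):
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return default

# Constructed sample policies: a broad quarantine policy and a narrower app policy.
QUARANTINE = ("quarantine", [Rule("drop-to-db", "10.0.0.0/8", "10.2.0.0/24", None, "DROP")])
APP = ("app", [Rule("allow-web-to-db", "10.1.0.0/24", "10.2.0.0/24", 5432, "ALLOW")])
QUARANTINE_FIRST = [QUARANTINE, APP]   # quarantine dragged above app
APP_FIRST = [APP, QUARANTINE]          # app dragged above quarantine
```

With the quarantine policy on top, the allow rule is reported as shadowed and the flow is dropped; with the app policy on top, nothing is shadowed and the same flow is allowed.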