Information on this page applies only to non-advanced edge gateways. For information on how to manage the firewall for advanced edge gateways, refer to NSX Firewalls.

This functionality is available for users with the vCloud Organization Administrator role.

Create Firewall Rules



  1. Go to your Control Panel > Cloud > Edge Gateways menu.
  2. Click the label of the specific Edge Gateway.
  3. Click the Firewall Service tab > Firewall Rules.
  4. Click the Add New Rule button.
  5. Set the following:
    • Enabled - whether the firewall rule is enabled or not.
    • Description - the description of the firewall rule.
    • Command - there are two commands:
      • ACCEPT – defines the packets that will be accepted by the firewall.
      • DROP – defines the packets that will be rejected by the firewall.
    • Source - the source IP address for which this firewall rule is active. This can be an IP address, CIDR, IP range, "any", "internal" or "external". This field is not case sensitive.
    • Source port - the source port for which this firewall rule is effective.
    • Destination - the destination IP address for which this firewall rule is active. This can be an IP address, CIDR, IP range, "any", "internal" or "external". This field is not case sensitive.
    • Destination port - the destination port for which this firewall rule is effective.
    • Protocol - there are several types of protocol - TCP, UDP, ICMP, TCP+UDP or any.
    • Enable logging - tick this check box to enable logging.
  6. Click the Create button.
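
Before entering a batch of rules in the form above, the planned values can be checked offline against the accepted field values listed in step 5. The following is an added example, not part of the product or its documentation; the dictionary field names, the `first-last` IP range notation, the port syntax ("any" or a single number) and the check for broad ACCEPT rules are assumptions made for illustration.

```python
import ipaddress
COMMANDS = {"ACCEPT", "DROP"}
PROTOCOLS = {"TCP", "UDP", "ICMP", "TCP+UDP", "ANY"}
KEYWORDS = {"any", "internal", "external"}

def check_address(value):
    """Normalise a Source/Destination value or raise ValueError."""
    v = value.strip().lower()  # the field is not case sensitive
    if v in KEYWORDS:
        return v
    if "-" in v:  # assumed range notation: first-last
        first, last = (ipaddress.ip_address(p.strip()) for p in v.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad IP range {value!r}")
        return f"{first}-{last}"
    net = ipaddress.ip_network(v, strict=False)  # a bare address parses as /32 or /128
    return str(net) if "/" in v else str(net.network_address)

def check_port(value):
    """Assumed port syntax: 'any' or one number from 1 to 65535."""
    v = str(value).strip().lower()
    if v != "any" and not (v.isdecimal() and 1 <= int(v) <= 65535):
        raise ValueError(f"bad port {value!r}")
    return v

def review_rule(rule):
    """Return a list of findings for one planned rule (empty list = clean)."""
    findings, norm = [], {}
    if rule["command"].upper() not in COMMANDS:
        findings.append("command must be ACCEPT or DROP")
    if rule["protocol"].upper() not in PROTOCOLS:
        findings.append("protocol must be TCP, UDP, ICMP, TCP+UDP or any")
    for field in ("source", "source_port", "destination", "destination_port"):
        check = check_port if field.endswith("_port") else check_address
        try:
            norm[field] = check(rule[field])
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
    if (rule["command"].upper() == "ACCEPT" and norm.get("destination_port") == "any"
            and norm.get("source") in ("any", "external")):
        findings.append("ACCEPT from any/external to every port; narrow the rule")
    return findings

# Constructed sample rules (documentation address ranges), not taken from the page.
FIELDS = ("command", "protocol", "source", "source_port", "destination", "destination_port")
SAMPLE_RULES = [dict(zip(FIELDS, r)) for r in (
    ("accept", "tcp", "198.51.100.0/24", "any", "Internal", "443"),
    ("ACCEPT", "any", "ANY", "any", "internal", "any"),
    ("DENY", "TCP", "192.0.2.20-192.0.2.10", "any", "any", "70000"),
)]
```

Calling `review_rule` on each entry of `SAMPLE_RULES` returns no findings for the first rule, one finding for the second (too broad) and three for the third (unknown command, reversed range, port out of range).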


Edit Firewall Rules



  1. Go to your Control Panel > Cloud > Edge Gateways menu.
  2. Click the label of the specific Edge Gateway.
  3. Click the Firewall Service tab > Firewall Rules.
  4. On the page that appears you will see the list of firewall rules. Click the Edit icon next to the firewall rule you want to edit.
  5. Change the following settings:
    • Enabled - whether the firewall rule is enabled or not.
    • Description - the description of the firewall rule.
    • Command - there are two commands:
      • ACCEPT – defines the packets that will be accepted by the firewall.
      • DROP – defines the packets that will be rejected by the firewall.
    • Source - the source IP address for which this firewall rule is active. This can be an IP address, CIDR, IP range, "any", "internal" or "external". This field is not case sensitive.
    • Source port - the source port for which this firewall rule is effective.
    • Destination - the destination IP address for which this firewall rule is active. This can be an IP address, CIDR, IP range, "any", "internal" or "external". This field is not case sensitive.
    • Destination port - the destination port for which this firewall rule is effective.
    • Protocol - there are several types of protocol - TCP, UDP, ICMP, TCP+UDP or any.
    • Enable logging - tick this check box to enable logging.
  6. Click the Save button.


Delete Firewall Rules



  1. Go to your Control Panel > Cloud > Edge Gateways menu.
  2. Click the label of the specific Edge Gateway.
  3. Click the Firewall Service tab > Firewall Rules.
  4. On the page that appears you can see the list of firewall rules. Click the Delete icon next to the firewall rule you want to delete. Confirm the deletion.