How to Manage Your vShield Firewall from vCloud Director
This video demonstrates how to manage vShield firewall and NAT policies from vCloud Director Plans.
Hello and welcome to this Infinitely Virtual training video. In this tutorial we will learn how to manage your vShield Firewall with vCloud Director. In the first section we will look at vCloud Firewall management and in the second section we will look at vCloud NAT rules.
vCloud Director is used to manage your vApps and VMs. It is a web-based management interface that also provides console access. Among its features are the ability to start, stop and reboot VMs, install operating systems, and boot from CD/DVD and floppy drives. Let’s log in to vCloud.
Open either Internet Explorer or Firefox. Navigate to https://vcd01.infinitelyvirtual.com/cloud/org/accountnumber. The URL and account number are available in the customer portal under technical contacts and are included in the getting started email. Enter your username, then click login.
This section concentrates on vCloud firewall management. Firewalls are an important part of network and service security. When the firewall is enabled, all incoming traffic is blocked unless a rule explicitly allows it. You may have applications and servers that require one or more ports to be open, such as web servers, FTP servers and email servers. The following instructions show step by step how to add, edit, and delete rules.

Once logged in, click ‘Administration.’ Click ‘Networks’ and select your network. Click the ‘Actions’ icon, then click ‘Configure services.’ Click the ‘Firewall’ tab and select ‘Enable firewall.’

To add a firewall rule, click ‘Add,’ give the rule a name, for example ‘http,’ and select the traffic direction. Select ‘Incoming’ for any traffic you want to allow from outside, such as traffic for a web server. Enter the source: type an asterisk to allow all, or type a specific IP, subnet, or range. This can be used to allow only certain servers or computers to connect, such as when you only want to allow remote access to a server from your office computer. Type the source port. Leave this at the default asterisk to match any port, except in the rare case where you know the source port the traffic originates from. Enter the destination. This is the server IP address, for example 192.168.0.5. Then enter the destination port. This is the port you want to open; typing an asterisk will open all ports. Select the protocol. TCP is the most common choice. Select the action. Check ‘Enable’ and, optionally, select ‘log network traffic for firewall rule.’ Click ‘Okay.’
To edit a firewall rule, select the rule to edit, click ‘Edit,’ make the appropriate changes, and then click ‘Okay’ to save the changes.
To delete a firewall rule, select the rule to delete, then click ‘Delete.’
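The rule fields described above (direction, source, source port, destination, destination port, protocol, action) and the default-deny behaviour of an enabled firewall can be modelled to check a rule set before it is entered in vCloud Director. The following is an added example written for this page, not code from vCloud Director or Infinitely Virtual; the rule names, addresses and the ‘all-ports’ rule are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FirewallRule:
    """One firewall rule with the fields the vCloud Director form exposes (modelled here)."""
    name: str
    direction: str         # "incoming" or "outgoing"
    source: str            # "*", single IP, CIDR subnet, or "a.b.c.d-e.f.g.h" range
    source_port: str       # "*" or a port number
    destination: str       # "*", single IP, CIDR subnet, or dashed range
    destination_port: str  # "*" or a port number
    protocol: str          # "tcp", "udp" or "any"
    action: str = "allow"  # "allow" or "deny"
    enabled: bool = True

def _addr_matches(spec: str, ip: str) -> bool:
    """Match an address against '*', a single IP, a CIDR subnet or a dashed range."""
    if spec == "*":
        return True
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)

def _port_matches(spec: str, port: int) -> bool:
    return spec == "*" or int(spec) == port

def evaluate(rules, direction, proto, src_ip, src_port, dst_ip, dst_port) -> str:
    """First enabled matching rule decides; no match means blocked (default deny)."""
    for r in rules:
        if not r.enabled or r.direction != direction or r.protocol not in ("any", proto):
            continue
        if (_addr_matches(r.source, src_ip) and _port_matches(r.source_port, src_port)
                and _addr_matches(r.destination, dst_ip) and _port_matches(r.destination_port, dst_port)):
            return r.action
    return "deny"

def overly_broad(rules):
    """Flag incoming allow rules with asterisk source and asterisk destination port: every port open to everyone."""
    return [r.name for r in rules if r.enabled and r.action == "allow" and r.direction == "incoming"
            and r.source == "*" and r.destination_port == "*"]

# Constructed sample rule set: 'http' open to all, remote desktop only from one office address,
# and a rule that opens every port on 192.168.0.6 to the world (the case the lint catches).
RULES = [
    FirewallRule("http", "incoming", "*", "*", "192.168.0.5", "80", "tcp"),
    FirewallRule("rdp-office", "incoming", "203.0.113.10", "*", "192.168.0.5", "3389", "tcp"),
    FirewallRule("all-ports", "incoming", "*", "*", "192.168.0.6", "*", "tcp"),
]
```

Run `overly_broad(RULES)` on a planned rule set to spot asterisk-everywhere rules before they are entered, and `evaluate(...)` to confirm a specific connection would be allowed or blocked.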
In this section we will look at configuring vCloud NAT rules. Configuring network address translation (NAT) rules allows one external IP address to be used for multiple servers. NAT can be configured to map ports to internal servers, or to map an external IP address to a single server. To configure NAT port forwarding, click the ‘Administration’ tab. Click ‘Networks’ and select the network. Make sure to select the internal routed network. Click ‘Actions’ and select ‘Configure services.’
Click the ‘NAT mapping’ tab. Click ‘Add.’ Select the external IP. Select or type in the external port. Type in the internal server IP. Type in the internal server port, select the protocol, and click ‘Okay.’ To configure NAT IP translation, select ‘IP translation,’ select the external IP, enter the internal IP and click ‘Okay.’ Click ‘Okay’ when you are done adding, editing, and deleting rules.