vCloud Director 5.5.3
Hi
I have a vApp with ~30 VMs. I want to test a situation where two of the VMs in my vApp must communicate through a firewall. Specifically, I want to set up this firewall to only allow the ssh protocol to be used to communicate between these two systems.
Within the vApp, I click the Networking tab, right-click the network used to connect the VMs and select 'Configure Services...'. I click the Firewall tab, select 'Enable firewall', for 'Default action' I select Allow. When I click Ok then Apply, I see that all of my VMs can communicate with each other. So far, so good.
I again select 'Configure Services...', click the Firewall tab, and click Add to add a specific firewall rule. As an initial test, I want to create a rule that will block all access between two of the VMs in my vApp. In the 'Add Firewall Rule' page, I select/enter:
Enabled [checked]
Name: "Block access between A and B"
Source: 192.168.2.108
Source port: any
Destination: 192.168.2.125
Destination port: any
Protocol: any
Action: Deny
Log network traffic for firewall rule [checked]
I've clicked Ok on the 'Edit Firewall Rule' page, clicked 'OK' on the 'Configure Services...' page, and then clicked 'Apply' on the vApp's 'Networking' page. When I go back into 'Configure services...', Firewall tab, I see that the rule that I created has a green check in the Enabled column.
Yet, when I log in to 192.168.2.108, I'm able to ping 192.168.2.125.
As a test, I clicked the Networking tab, right-clicked the network used to connect the VMs and selected 'Configure Services...'. I clicked the Firewall tab, selected 'Enable firewall', and for 'Default action' I selected Deny. When I clicked Ok then Apply, I found that none of the VMs in my vApp could communicate with each other. So, I see that the firewall must be functional.
What could I have done wrong to have this not work? Have I run into a defect in vCD 5.5.3?
Thanks!
tl
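The following is an added example, not part of the post above and not vCloud Director's own code. It models the rule table the post describes (source, source port, destination, destination port, protocol, action, plus a default action) as a stateless first-match evaluator, so that the expected result for a given packet can be written down and compared with what is observed on the VMs. The rule names, the `ANY` marker and the "ssh only" rule set for the stated goal are my own constructions; the two VM addresses are the ones from the post.

```python
"""Stateless first-match model of a vApp network firewall rule table.

Added example: models the rule fields shown in the post and evaluates a
packet against them in order, falling back to the default action. It is a
simplification for reasoning about expected results, not a model of the
vShield Edge implementation behind vCloud Director.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY = "any"  # value of the "any" choice in the Add Firewall Rule dialog


@dataclass(frozen=True)
class Rule:
    name: str
    source: str            # IP address, CIDR, or ANY
    source_port: str       # port number as a string, or ANY
    destination: str       # IP address, CIDR, or ANY
    destination_port: str  # port number as a string, or ANY
    protocol: str          # "tcp", "udp", "icmp", or ANY
    action: str            # "allow" or "deny"
    enabled: bool = True   # the Enabled checkbox


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    sport: Optional[int] = None  # None for protocols without ports (ICMP)
    dport: Optional[int] = None


def _addr_matches(spec: str, addr: str) -> bool:
    # A bare address is treated as a /32 network, so hosts and CIDRs share one path.
    return spec == ANY or ip_address(addr) in ip_network(spec, strict=False)


def _port_matches(spec: str, port: Optional[int]) -> bool:
    return spec == ANY or (port is not None and int(spec) == port)


def evaluate(rules: List[Rule], default_action: str, pkt: Packet) -> Tuple[str, Optional[str]]:
    """Return (action, rule_name) for the first enabled matching rule, else (default_action, None).

    Each direction is evaluated on its own: a rule with source A and
    destination B says nothing about packets from B to A.
    """
    for r in rules:
        if not r.enabled:
            continue
        if (_addr_matches(r.source, pkt.src)
                and _addr_matches(r.destination, pkt.dst)
                and (r.protocol == ANY or r.protocol == pkt.protocol)
                and _port_matches(r.source_port, pkt.sport)
                and _port_matches(r.destination_port, pkt.dport)):
            return r.action, r.name
    return default_action, None


A, B, C = "192.168.2.108", "192.168.2.125", "192.168.2.130"  # C: a constructed third VM

# The single rule from the post, used with default action Allow.
BLOCK_AB = [Rule("Block access between A and B", A, ANY, B, ANY, ANY, "deny")]

# Constructed rule set for the stated goal: only ssh between A and B, with
# everything else between them denied and other VMs unaffected. The allow
# rules must come before the deny rules, because the first match wins.
SSH_ONLY_AB = [
    Rule("ssh A->B", A, ANY, B, "22", "tcp", "allow"),
    Rule("ssh B->A", B, ANY, A, "22", "tcp", "allow"),
    Rule("deny rest A->B", A, ANY, B, ANY, ANY, "deny"),
    Rule("deny rest B->A", B, ANY, A, ANY, ANY, "deny"),
]


def expected(rules: List[Rule], default_action: str, pkt: Packet) -> str:
    """Convenience wrapper returning just the action the model predicts."""
    return evaluate(rules, default_action, pkt)[0]


if __name__ == "__main__":
    probes = [
        ("ping A->B", Packet(A, B, "icmp")),
        ("ping B->A", Packet(B, A, "icmp")),
        ("ssh A->B", Packet(A, B, "tcp", sport=40000, dport=22)),
        ("http A->B", Packet(A, B, "tcp", sport=40001, dport=80)),
        ("ping A->C", Packet(A, C, "icmp")),
    ]
    for label, ruleset in (("post's rule", BLOCK_AB), ("ssh-only", SSH_ONLY_AB)):
        for name, pkt in probes:
            print(f"{label:12} {name:10} -> {evaluate(ruleset, 'allow', pkt)}")
```

Two things the model makes visible that are easy to miss in the dialog: rule order decides the outcome (swap the allow and deny rules in `SSH_ONLY_AB` and ssh is denied), and a rule written as A to B does not cover packets initiated from B to A. The model is deliberately stateless; a stateful edge firewall would pass the reply packets of an allowed connection without a reverse rule, so on such a device the two B-to-A rules may be redundant, which is worth confirming on the device itself. When the observed behaviour on the VMs differs from what the model predicts, the usual first check is whether the traffic between the two hosts actually traverses the point where the rules are enforced, before assuming the rule itself is wrong.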