VMware Cloud Community
jamaxwell
Contributor

Using the firewall to block communication between 2 machines in a vApp

So we're using VCD (5.1.2) for software testing, and we need to make sure that our client can communicate to our server via a web proxy. We did that in Lab Manager by creating an isolated (no routes) network for the clients, with a proxy server on both networks, so that we were certain that any communication that occurred was going through the proxy. We can do this in VCD as well (see vcdIsolatedNetwork1.png), but to make it even easier, I was hoping to use the built-in firewall to do it (vcdSingleNetwork.png). However, when I tried this, I couldn't get the firewall to block anything.

I'm guessing that the firewall is designed to affect external stuff (communication between different networks/port groups), not internal stuff (communication inside a network/port group).  Is there a way to get the firewall to block stuff this way, or do I have to use two networks?

1 Reply
cfor
Expert

The VCD edge firewall only looks at the edge traffic (North/South of one of its networks).

You could use the proxy.

You could also look at creating a vApp with 2 networks, and put one VM on each of these networks. Then set up static routing between those networks in the network configuration. I am not sure (but it's worth a test) whether this might let the firewall get involved. The only issue I do know of is that this static routing does not seem to exist until created after each deploy.

ChrisF (VCP4, VCP5, VCP-Cloud) - If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
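As an added illustration of the distinction cfor draws (this is not VMware's code and not something from the thread), the toy model below evaluates a flow against an edge rule table only when the source and destination sit on different vApp networks. Two VMs on the same network never cross the edge, so the rule is never consulted; splitting them onto two networks with routing between them is what puts the edge in the path. The address ranges, the rule table, the proxy port 3128 and the default-deny verdict are all constructed assumptions.

```python
"""Toy model of why an edge firewall rule cannot block two VMs that share
one vApp network: the edge only evaluates flows that leave a network
(north/south traffic). Added illustration, not VMware code."""
import ipaddress

# Constructed vApp networks (assumed addressing, not taken from the thread).
NETWORKS = {
    "clients": ipaddress.ip_network("192.168.10.0/24"),
    "servers": ipaddress.ip_network("192.168.20.0/24"),
}

# Constructed edge rules, first match wins: (action, src_net, dst_net, dst_port).
# None as the port means "any port".
EDGE_RULES = [
    ("allow", "clients", "servers", 3128),   # clients may reach the proxy port only
    ("deny",  "clients", "servers", None),   # any other client->server flow is dropped
]

DEFAULT_VERDICT = "deny"  # constructed default-deny for flows no rule matches


def network_of(ip):
    """Name of the vApp network an address belongs to, or None if external."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return None


def crosses_edge(src_ip, dst_ip):
    """True only when source and destination are on different networks,
    i.e. when the packet must be routed through the edge."""
    return network_of(src_ip) != network_of(dst_ip)


def edge_verdict(src_ip, dst_ip, dst_port):
    """Edge decision for a flow, or 'not-inspected' for same-network traffic
    that never reaches the edge at all."""
    if not crosses_edge(src_ip, dst_ip):
        return "not-inspected"
    src_net, dst_net = network_of(src_ip), network_of(dst_ip)
    for action, rule_src, rule_dst, rule_port in EDGE_RULES:
        if rule_src == src_net and rule_dst == dst_net and rule_port in (None, dst_port):
            return action
    return DEFAULT_VERDICT


if __name__ == "__main__":
    # Single-network design (vcdSingleNetwork.png): both VMs on 'clients'.
    # The deny rule exists but is never evaluated, so the flow is not blocked.
    print("same network, port 80 :", edge_verdict("192.168.10.5", "192.168.10.6", 80))
    # Two-network design: the server lives on 'servers', so the flow is routed
    # through the edge and the rule table decides.
    print("two networks, port 80 :", edge_verdict("192.168.10.5", "192.168.20.6", 80))
    print("two networks, port 3128:", edge_verdict("192.168.10.5", "192.168.20.6", 3128))
```

The useful check for a test harness is the first case: a flow that returns `not-inspected` is one the edge can never enforce on, whatever rules you write, which is exactly the symptom in the original question.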