VMware Cloud Community
none95
Enthusiast

How to add "ANY" address to vShield Zones 4.1 Firewall Rules?

Hi,

Does anyone know how to create vShield 4.1 firewall rules that have ANY source or ANY destination as the IP address?

I tried to enter the ANY keyword and 0.0.0.0/0, but the vShield Manager turns the entries red and does not allow me to commit the rule.

Thanks.

1 Reply
carlosVSZ
VMware Employee

Try using the source addresses 1.1.1.1/1 plus 128.1.1.1/1 to effectively cover all IPs, making it equivalent to ANY. You will have to create 2 rules per action.

Say, for example, you want to block ALL traffic from ANY going to subnet 192.168.115.1/23. You need these 4 rules, one pair for TCP and one pair for UDP.

You would create the following rules:

Source      | Port | Dest            | Dest Port | Protocol | Action
1.1.1.1/1   | ANY  | 10.115.199.1/23 | ANY       | TCP      | DENY
128.1.1.1/1 | ANY  | 10.115.199.1/23 | ANY       | TCP      | DENY
1.1.1.1/1   | ANY  | 10.115.199.1/23 | ANY       | UDP      | DENY
1.1.1.1/1   | ANY  | 10.115.199.1/23 | ANY       | UDP      | DENY

The L2/L3 rules would be like this:

SOURCE      | DESTINATION     | PROTOCOL | ACTION
1.1.1.1/1   | 10.115.199.1/23 | ICMP ANY | DENY
128.1.1.1/1 | 10.115.199.1/23 | ICMP ANY | DENY
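As an added check (my own example, not code from the reply or from VMware), the script below normalizes /1 entries the way the reply relies on (host bits in 1.1.1.1/1 are masked off to 0.0.0.0/1) and reports which part of the IPv4 space a rule set leaves without a DENY for each protocol. The rule list is transcribed from the tables above exactly as posted, including the source address of the fourth row.

```python
import ipaddress

# Constructed transcription of the rules in the reply above:
# (source, destination, protocol, action). Row four repeats 1.1.1.1/1 as posted.
RULES = [
    ("1.1.1.1/1",   "10.115.199.1/23", "TCP",  "DENY"),
    ("128.1.1.1/1", "10.115.199.1/23", "TCP",  "DENY"),
    ("1.1.1.1/1",   "10.115.199.1/23", "UDP",  "DENY"),
    ("1.1.1.1/1",   "10.115.199.1/23", "UDP",  "DENY"),
    ("1.1.1.1/1",   "10.115.199.1/23", "ICMP", "DENY"),
    ("128.1.1.1/1", "10.115.199.1/23", "ICMP", "DENY"),
]

ALL_IPV4 = ipaddress.ip_network("0.0.0.0/0")


def normalize(cidr):
    """Mask off host bits, so 1.1.1.1/1 becomes 0.0.0.0/1 and 128.1.1.1/1 becomes 128.0.0.0/1."""
    return ipaddress.ip_network(cidr, strict=False)


def uncovered(rules, proto, action="DENY"):
    """Return the IPv4 ranges that no `action` rule for `proto` matches as a source.

    An empty list means the rules for that protocol are equivalent to source ANY.
    """
    remaining = [ALL_IPV4]
    for src, _dst, p, act in rules:
        if p != proto or act != action:
            continue
        net = normalize(src)
        kept = []
        for piece in remaining:
            if net.supernet_of(piece):        # rule swallows this piece entirely
                continue
            if net.subnet_of(piece):          # rule carves a hole out of this piece
                kept.extend(piece.address_exclude(net))
            else:                             # disjoint, piece stays uncovered
                kept.append(piece)
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    for proto in ("TCP", "UDP", "ICMP"):
        gaps = uncovered(RULES, proto)
        print(proto, "covers ANY" if not gaps else "gap: " + ", ".join(map(str, gaps)))
```

Running it shows that the TCP and ICMP pairs together equal source ANY, while the UDP pair as posted leaves 128.0.0.0/1 unmatched.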