<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Use vCD firewall to limit conversation between two VMs to certain protocols in VMware vCloud Director Discussions</title>
    <link>https://communities.vmware.com/t5/VMware-vCloud-Director/Use-vCD-firewall-to-limit-conversation-between-two-VMs-to/m-p/1412118#M6314</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;vCloud Director 5.5.3&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hi&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have a vApp with ~30 VMs. I want to test a situation where two of the VMs in my vApp must communicate through a firewall. Specifically, I want to set up this firewall to only allow the ssh protocol to be used to communicate between these two systems.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Within the vApp, I click the Networking tab, right-click the network used to connect the VMs and select 'Configure Services...'. I click the Firewall tab, select 'Enable firewall', for 'Default action' I select Allow. When I click Ok then Apply, I see that all of my VMs can communicate with each other.&amp;nbsp; So far, so good.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I again select 'Configure Services...', click the Firewall tab, and click Add to add a specific firewall rule. As an initial test, I want to create a rule that will block all access between two of the VMs in my vApp. In the 'Add Firewall Rule' page, I select/enter:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Enabled [checked]&lt;/P&gt;&lt;P&gt;Name: "Block access between A and B"&lt;/P&gt;&lt;P&gt;Source: 192.168.2.108&lt;/P&gt;&lt;P&gt;Source port: any&lt;/P&gt;&lt;P&gt;Destination: 192.168.2.125&lt;/P&gt;&lt;P&gt;Destination port: any&lt;/P&gt;&lt;P&gt;Protocol: any&lt;/P&gt;&lt;P&gt;Action: Deny&lt;/P&gt;&lt;P&gt;Log network traffic for firewall rule [checked]&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've clicked Ok on the 'Edit Firewall Rule' page, clicked 'OK' on the 'Configure Services...' page, and then clicked 'Apply' on the vApp's 'Networking' page. 
When I go back into 'Configure services...', Firewall tab, I see that the rule that I created has a green check in the Enabled column.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Yet, when I log in to 192.168.2.108, I'm able to ping 192.168.2.125.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;As a test, I clicked the Networking tab, right-clicked the network used to connect the VMs and selected 'Configure Services...'. I clicked the Firewall tab, selected 'Enable firewall', for 'Default action' I selected Deny. When I clicked Ok then Apply, I found that all of the VMs in my vApp could not communicate with each other.&amp;nbsp; So, I see that the firewall must be functional.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;What could I have done wrong to have this not work?&amp;nbsp; Have I run into a defect in vCD 5.5.3?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks!&lt;/P&gt;&lt;P&gt;tl&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Thu, 13 Dec 2018 16:58:06 GMT</pubDate>
    <dc:creator>TerryLemons</dc:creator>
    <dc:date>2018-12-13T16:58:06Z</dc:date>
    <item>
      <title>Use vCD firewall to limit conversation between two VMs to certain protocols</title>
      <link>https://communities.vmware.com/t5/VMware-vCloud-Director/Use-vCD-firewall-to-limit-conversation-between-two-VMs-to/m-p/1412118#M6314</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;vCloud Director 5.5.3&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hi&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have a vApp with ~30 VMs. I want to test a situation where two of the VMs in my vApp must communicate through a firewall. Specifically, I want to set up this firewall to only allow the ssh protocol to be used to communicate between these two systems.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Within the vApp, I click the Networking tab, right-click the network used to connect the VMs and select 'Configure Services...'. I click the Firewall tab, select 'Enable firewall', for 'Default action' I select Allow. When I click Ok then Apply, I see that all of my VMs can communicate with each other.&amp;nbsp; So far, so good.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I again select 'Configure Services...', click the Firewall tab, and click Add to add a specific firewall rule. As an initial test, I want to create a rule that will block all access between two of the VMs in my vApp. In the 'Add Firewall Rule' page, I select/enter:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Enabled [checked]&lt;/P&gt;&lt;P&gt;Name: "Block access between A and B"&lt;/P&gt;&lt;P&gt;Source: 192.168.2.108&lt;/P&gt;&lt;P&gt;Source port: any&lt;/P&gt;&lt;P&gt;Destination: 192.168.2.125&lt;/P&gt;&lt;P&gt;Destination port: any&lt;/P&gt;&lt;P&gt;Protocol: any&lt;/P&gt;&lt;P&gt;Action: Deny&lt;/P&gt;&lt;P&gt;Log network traffic for firewall rule [checked]&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've clicked Ok on the 'Edit Firewall Rule' page, clicked 'OK' on the 'Configure Services...' page, and then clicked 'Apply' on the vApp's 'Networking' page. 
When I go back into 'Configure services...', Firewall tab, I see that the rule that I created has a green check in the Enabled column.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Yet, when I log in to 192.168.2.108, I'm able to ping 192.168.2.125.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;As a test, I clicked the Networking tab, right-clicked the network used to connect the VMs and selected 'Configure Services...'. I clicked the Firewall tab, selected 'Enable firewall', for 'Default action' I selected Deny. When I clicked Ok then Apply, I found that all of the VMs in my vApp could not communicate with each other.&amp;nbsp; So, I see that the firewall must be functional.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;What could I have done wrong to have this not work?&amp;nbsp; Have I run into a defect in vCD 5.5.3?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks!&lt;/P&gt;&lt;P&gt;tl&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 13 Dec 2018 16:58:06 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-vCloud-Director/Use-vCD-firewall-to-limit-conversation-between-two-VMs-to/m-p/1412118#M6314</guid>
      <dc:creator>TerryLemons</dc:creator>
      <dc:date>2018-12-13T16:58:06Z</dc:date>
    </item>
  </channel>
</rss>

