Description

1. DFW enables Layer 3 and Layer 4 security protection for the internal traffic of a data center, significantly reducing the impact of attacks on the data center.
2. If both VDI and HCI VMs exist on a tenant VPC network, an applicable scope can be configured to make the policy applicable to specified VMs only.

Precautions

1. DFW is used to protect traffic transmitted over Layer 4.
2. If HCI is managed by SCP but no communication domain is created, the existing DFW policy remains unchanged but will not be displayed.
3. If HCI is managed by SCP and a communication domain is created, the existing DFW policy becomes unavailable.
4. If HCI is upgraded to 6.7.0, the existing DFW policy will be included in the default policy.

Prerequisites

You have purchased an aNET license.

Steps

1. Go to Networking > Distributed Firewall and click Create.

2. Create a DFW policy.

• Set the policy name and priority.

• Click New Rule. Specify the source and destination IP addresses or VMs, select the target service or customize the service protocol and port, select an action, and enable the rule.

• Click Applicable Scope to set the applicable scope of the policy, which can be a custom group of VMs.

3. Click OK.

• Name: Specify the DFW policy name.

• Priority: Specify the priority of the policy among other policies.

• Priority in the list: Specify the priority of a rule in the policy. A smaller value indicates a higher priority.