You can refer to the below tasks to Create services and groups and apply the services and groups to firewall rules:
Create Services
Create Groups
Apply Groups and Services to Firewall Rules
Create a Firewall Rule for Amazon EFS and Amazon RDS
Create Services:
In the VMware Cloud console browser tab, navigate to the SDDC summary page
Click the Networking & Security tab
Under Inventory, click Services
Create a custom service for Amazon EFS connectivity using port 2049
Click ADD SERVICE
Enter AWS-EFS for the Name of the service
Click Set Service Entries
The Set Service Entries window appears
On the Port-Protocol tab, click ADD SERVICE ENTRY
Enter EFS for the Service Entry Name
In the Service Type drop-down menu, select TCP
Leave the Source Ports text box empty
In the Destination Ports text box, enter 2049
Click APPLY
Click SAVE
Create Groups:
You create inventory groups and add membership criteria
In the VMware Cloud console browser tab, navigate to the SDDC summary page, if necessary
On the Networking & Security tab for the SDDC, click Groups under Inventory
On the Compute Groups tab, create a group associated with the on-premises management network
Click ADD GROUP
Enter on-prem-management for the Group Name
Click Set Members
The Select Members window opens
Click the IP Addresses tab
Enter 172.20.10.0/24 for the IP address
Click APPLY
Click SAVE
Create a group associated with the VMware Cloud segment network
Click ADD GROUP
Enter vmc-subnet-1 as the Group Name
Click Set Members
The Select Members window opens
Click the Members tab
In the Category drop-down menu, select Segments
Select the sddc-cgw-network-1 check box
Click APPLY
Click SAVE
Create a group associated with the Photo-App-01 virtual machine.
Click ADD GROUP
Enter Photo-App as the Group Name
Click Set Members
The Select Members window opens
Click the Members tab
In the Category drop-down menu, select Virtual Machines
Select the Photo-App-01 virtual machine check box
Click APPLY
Click SAVE
Apply Groups and Services to Firewall Rules:
You apply groups and services to compute firewall rules
In the VMware Cloud console browser tab, navigate to the SDDC summary page, if necessary
On the Networking & Security tab for the SDDC, click Gateway Firewall under Security
On the Compute Gateway tab, edit the Allow-All compute gateway firewall rule
In the Name text box, click Allow-All and enter Allow-VPN as the new rule name
In the Sources text box for the Allow-VPN rule, click the edit icon
The Set Source window appears
Select the on-prem-management check box and click APPLY
In the Destinations text box, click the edit icon
The Set Destination window appears
Select the vmc-subnet-1 check box and click APPLY
In the Services text box, click the edit icon
The Set Services window appears
Select the ICMP ALL, SSH, and HTTP check-boxes
You can use the Apply Filter text field to search for the services
Click APPLY
Click PUBLISH to save the modifications to the firewall rule
Create a Firewall Rule for Amazon EFS and Amazon RDS:
You create a new firewall rule to allow traffic from Amazon Elastic File System (EFS) and Amazon Relational Database Service (RDS) to the virtual machine.
On the Network & Security tab for the SDDC, click Gateway Firewall under Security and open the Compute Gateway tab, if not already open
Create a new firewall rule to allow traffic from the Photo-App-01 VM to Amazon EFS and Amazon RDS (MySQL)
Click ADD RULE
Enter AWS-Services in the New Rule text box
In the Sources text box, click the edit icon
The Set Source window appears
Select the Photo-App check box and click APPLY
In the Destinations text box, click the edit icon
The Set Destination window appears
Select the Connected VPC Prefixes check box and click APPLY
In the Services text box, click the edit icon
The Set Services window appears
Select the AWS-EFS and MYSQL check boxes
You can use the Apply Filter text field to search for the services
Click APPLY
Click PUBLISH to save the modifications to the firewall rule
Comments