Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Managing distributed firewalls

BMC Cloud Lifecycle Management supports the management of distributed firewalls (such as the Cisco Virtual Security Gateway (VSG) appliance) from the Manage Firewall Rules dialog box. Distributed firewalls, also called transparent hypervisor firewalls or layer 2 firewalls, protect traffic within the same network. Rules for this type of firewall are distributed across the switch ports, securing what is referred to as east/west traffic.

Note

When you are adding, editing, or deleting firewall rules, the network container is locked.

For information about configuring distributed firewalls in BMC Network Automation, see Configuring Cisco VSG firewalls.

To manage a distributed firewall from a network container

You can access the Manage Firewall Rules dialog from the Resource Manager > Network > Network Containers workspace or from the accompanying Details pane for the selected container.

  1. From the BMC Cloud Lifecycle Management Administration Console, perform the following steps:
    1. Click the vertical Workspaces menu on the left side of the window and select Resources.
    2. Under Quick Links on the left, click Network Containers under the Network section to display the network containers.
    3. Select a network container that has a distributed firewall that you want to manage.
    4. Click the Manage Firewall Rules icon.
  2. From the Details pane, perform the following steps:
    1. Select the network container with the distributed firewall entry or entries.
    2. Expand the Details pane.
    3. Under the Distributed Firewalls label, select the firewall from the table.
    4. Click the Manage Distributed Firewall Rules icon.
      The Manage Firewall Rules dialog is displayed.
  3. Click the Distributed Firewalls tab.
  4. Review the following field descriptions:

    Field | Description

    Distributed Firewall

    Select the distributed firewall to manage from the drop-down list, if the firewall is not already displayed.

    Mode

    Read or edit. To make changes to the corresponding rules, switch to edit mode.
    You must choose a network interface before you can update a rule in edit mode.

    Interface

    The interface of the firewall. The interface uses the access control list (ACL) to filter traffic flowing between virtual machines (VMs).

    Network Container

    Name of the selected network container.

    Network/Zone

    The name of the network and zone (logical group of VMs or hosts) that the distributed firewall is securing.

    Switch

    The switch to which the distributed firewall is connected.

    Enforceability

    Click this field to enable the firewall rule.

    Allow Traffic

    Choose deny or permit.

    Description

    Enter a description for the rule.

    Log

    Click this field to enable logging.

    Locked

    Click this field to lock the firewall rule, which prevents end users and tenant administrators from deleting or editing the rule.

    Hidden

    Click this field to hide the rule from end users and tenant administrators.

    Source

    Select one of the following for the source address:

    • Host Address — Enter the host address.
    • Network Address and Network Mask — Enter the network address and mask.

    Destination

    Select one of the following for the destination address:

    • Host Address — Enter the host address.
    • Network Address and Network Mask — Enter the network address and mask.


  5. After you have completed the updates, click Save to save any changes you have made to the distributed firewall rules.

Where to go from here

You can now create a new rule or edit an existing rule.

Related topics

Overview of managing firewalls for network containers

Managing perimeter firewalls

Creating network containers

Managing dynamic components for network containers
