[VMC on AWS] How to enable whitelist strategy in Distributed Firewall
Article ID: 327094
Products
VMware Cloud on AWS
Issue/Introduction
Distributed Firewall (DFW) defaults to blacklist behavior: traffic is permitted unless a "deny" rule explicitly blocks it. To switch to a whitelist strategy, where only explicitly allowed traffic passes, change the setting described below. This article is based on SDDC version 1.12; the procedure may change in future versions.
Resolution
[Whitelist strategy] Change the action of the "Default Layer3 Rule" from "Allow" to "Drop" as follows.
・Path: VMC console > SDDC > Networking & Security > Security (Distributed Firewall) > APPLICATION Category
・Action: Drop
※NOTE: Once the setting is "Drop", all communication between virtual machines that is not explicitly permitted by an allow rule will be blocked, so create the required allow rules before changing the default.
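The following is an added example, not code from the article or from VMware: a small Python model of first-match DFW rule evaluation over a constructed rule set, showing which flows change verdict when the Default Layer3 Rule goes from Allow to Drop. The group names, services and flows are constructed, and the model ignores categories, Applied-To scope and stateful handling.

```python
"""Model the effect of flipping the DFW Default Layer3 Rule from ALLOW to DROP."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Flow = Tuple[str, str, str]  # (source group, destination group, service)


@dataclass
class Rule:
    name: str
    action: str                          # "ALLOW" or "DROP"
    sources: Optional[Set[str]] = None   # None means ANY
    destinations: Optional[Set[str]] = None
    services: Optional[Set[str]] = None

    def matches(self, src: str, dst: str, svc: str) -> bool:
        return all(
            field is None or value in field
            for field, value in ((self.sources, src), (self.destinations, dst), (self.services, svc))
        )


def evaluate(rules: List[Rule], default_action: str, src: str, dst: str, svc: str) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched hits the Default Layer3 Rule."""
    for rule in rules:
        if rule.matches(src, dst, svc):
            return rule.action, rule.name
    return default_action, "Default Layer3 Rule"


# Constructed sample policy: a single explicit allow for web -> db on TCP/3306.
RULES = [Rule("web-to-db-mysql", "ALLOW", {"web"}, {"db"}, {"TCP/3306"})]

# Constructed flows observed in the SDDC (e.g. from flow logs) that we want to keep working.
FLOWS: List[Flow] = [("web", "db", "TCP/3306"), ("web", "db", "TCP/22"), ("app", "db", "TCP/3306")]


def compare(rules: List[Rule] = RULES, flows: List[Flow] = FLOWS) -> Dict[Flow, Tuple[str, str]]:
    """Map each flow to (verdict with default ALLOW, verdict with default DROP)."""
    return {f: (evaluate(rules, "ALLOW", *f)[0], evaluate(rules, "DROP", *f)[0]) for f in flows}


def blocked_by_switch(rules: List[Rule] = RULES, flows: List[Flow] = FLOWS) -> List[Flow]:
    """Flows that pass today under blacklist mode but will be dropped once the default is DROP."""
    return [f for f, (before, after) in compare(rules, flows).items() if before == "ALLOW" and after == "DROP"]


if __name__ == "__main__":
    for flow, (blacklist, whitelist) in compare().items():
        print(flow, "blacklist:", blacklist, "whitelist:", whitelist)
    print("Flows needing an explicit allow rule before the switch:", blocked_by_switch())
```

Running `blocked_by_switch()` against your real rule set and observed flows is the pre-change check: every flow it lists needs an allow rule in place before the default is set to Drop.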