Set up firewall tables and rules for private clouds

Firewall tables and the associated rules let you specify restrictions on traffic to apply to particular subnets.

A subnet can be associated with one firewall table. A firewall table can be associated with multiple subnets.

Add a new firewall table

  1. Access the Google Cloud VMware Engine portal and select Network.
  2. Select Firewall Tables.
  3. Select Create new firewall table.
  4. Enter a name for the table.
  5. The new firewall table has a default rule. To create an additional rule, click Add rule. For more information, see the following section, Creating a firewall rule.
  6. To save the firewall table, click Done.

Create a firewall rule

Firewall rules determine how the firewall treats specific types of traffic. The Rules tab for a selected firewall table lists all of the associated rules.

  1. You can create a firewall rule in either of the following ways:

    • When you create a firewall table, click Add rule.
    • Click Network > Firewall tables, select the firewall table, and then click Create new rule.
  2. Set properties of the rule:

    • Name. Give the rule a name.
    • Priority. Assign a numbered priority to the rule. The minimum is 100. Rules with lower numbers are executed first.
    • Traffic type. Select whether the rule is for private cloud, internet, or VPN traffic (stateless), or for a public IP address (stateful).
    • Protocol. Select the protocol covered by the rule (TCP, UDP, or any protocol).
    • Direction. Select whether the rule is for inbound or outbound traffic. You must define separate rules for inbound and outbound traffic.
    • Action. Select the action to take if the rule matches (allow or deny).
    • Source. Specify the sources covered by the rule (CIDR block, internal, or any source).
    • Source port range. Specify the range of ports subject to the rule.
    • Destination. Specify the destinations covered by the rule (CIDR block, internal, or any destination).
    • Destination port range. Specify the range of ports subject to the rule.
  3. To save the rule and add it to the list of rules for the firewall table, click Save and back.
  4. To save the settings for the firewall table, click Submit.
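The following is an added example, not code from this page or from Google Cloud VMware Engine: a small Python model of how the rule properties listed above combine when a firewall table is evaluated against a single packet. It shows why priority ordering matters when two rules overlap, and why an inbound rule does not cover the matching outbound traffic. The sample table, the packets, and the first-match semantics are assumptions of the model; the catch-all `default_action` stands in for the table's default rule, whose behaviour this page does not specify.

```python
# Added example (not Google Cloud VMware Engine code): a model of how a
# firewall table's rules are evaluated for one packet. Assumptions: lowest
# priority number first, first match wins, and an assumed catch-all default
# action (the page does not state what the table's default rule does).
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]  # None means "any port"


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int               # minimum 100; lower numbers are evaluated first
    direction: str              # "inbound" or "outbound"
    protocol: str               # "tcp", "udp", or "any"
    action: str                 # "allow" or "deny"
    source: Optional[str]       # CIDR block, or None for any source
    source_ports: PortRange
    destination: Optional[str]  # CIDR block, or None for any destination
    destination_ports: PortRange


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _cidr_matches(cidr: Optional[str], ip: str) -> bool:
    if cidr is None:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _ports_match(port_range: PortRange, port: int) -> bool:
    if port_range is None:
        return True
    low, high = port_range
    return low <= port <= high


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True only when every property of the rule covers the packet."""
    return (
        rule.direction == pkt.direction
        and (rule.protocol == "any" or rule.protocol == pkt.protocol)
        and _cidr_matches(rule.source, pkt.src_ip)
        and _ports_match(rule.source_ports, pkt.src_port)
        and _cidr_matches(rule.destination, pkt.dst_ip)
        and _ports_match(rule.destination_ports, pkt.dst_port)
    )


def evaluate(rules: List[Rule], pkt: Packet, default_action: str = "deny") -> Tuple[str, str]:
    """Walk the table lowest priority number first; the first matching rule wins.

    Returns (action, rule name). Rules with equal priority keep their list
    order because sorted() is stable. A rule below the minimum priority of
    100 is rejected. Falls through to the assumed default action.
    """
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.priority < 100:
            raise ValueError(f"rule {rule.name!r}: priority must be at least 100")
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return default_action, "default"


# Constructed sample table; addresses are documentation ranges, not real hosts.
TABLE = [
    Rule("allow-https-in", 100, "inbound", "tcp", "allow",
         None, None, "10.0.1.0/24", (443, 443)),
    Rule("deny-lab-in", 200, "inbound", "any", "deny",
         "192.168.0.0/16", None, None, None),
    Rule("allow-dns-out", 100, "outbound", "udp", "allow",
         "10.0.1.0/24", None, None, (53, 53)),
]

if __name__ == "__main__":
    probes = [
        Packet("inbound", "tcp", "203.0.113.5", 50000, "10.0.1.10", 443),
        Packet("inbound", "tcp", "192.168.1.5", 50000, "10.0.1.10", 443),
        Packet("inbound", "tcp", "192.168.1.5", 50000, "10.0.1.10", 22),
        Packet("outbound", "udp", "10.0.1.10", 40000, "198.51.100.53", 53),
        Packet("inbound", "udp", "198.51.100.53", 53, "10.0.1.10", 40000),
    ]
    for p in probes:
        flow = f"{p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port}"
        print(p.direction, p.protocol, flow, evaluate(TABLE, p))
```

Two of the probes are the instructive ones: the second packet comes from the lab range that `deny-lab-in` is meant to block, yet it is allowed because `allow-https-in` has the lower priority number and matches first, so a deny that must win needs a lower number than the allow it overrides; and the last packet, a DNS reply arriving inbound, falls through to the default even though `allow-dns-out` permitted the request, which is what "separate rules for inbound and outbound traffic" means in practice for stateless traffic types.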

Attach firewall table to a subnet

After you define a firewall table, you can specify the subnets that are subject to the rules in the table.

  1. On the Network > Firewall tables page, select a firewall table.
  2. Open the Attached subnets tab.
  3. Click Attach to a subnet.
  4. Select the private cloud and subnet. The associated subnet name and CIDR block are shown.
  5. Click Submit.

