이 문서에서는 네트워크 정책을 사용하여 VMware 워크로드가 인터넷에 액세스할 수 있는지 또는 인터넷에서 VMware 워크로드에 액세스할 수 있는지 여부를 제어하는 방법을 설명합니다.
각 네트워크 정책은 VMware Engine 네트워크와 연결되며 VMware Engine 네트워크는 리전 또는 전역일 수 있습니다. 표준 VMware Engine 네트워크는 전역 리소스이지만 기존 VMware Engine 네트워크는 리전 리소스입니다.
네트워크 정책은 VMware Engine 네트워크와 연결된 모든 프라이빗 클라우드에 적용됩니다. 기존 네트워크의 경우 둘 이상의 리전에 프라이빗 클라우드가 배포되어 있고 인터넷 액세스 또는 외부 IP 주소 서비스를 사용 설정하려면 각 리전에 네트워크 정책을 만들어야 합니다.
네트워크 정책 만들기
콘솔, gcloud 또는 API를 사용하여 네트워크 정책을 만듭니다.
콘솔
Google Cloud 콘솔을 사용하여 새 네트워크 정책을 만들려면 다음 안내를 따르세요.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-02-11(UTC)"],[],[],null,["# Create and manage network policies\n==================================\n\nThis document describes how to use network policies to control whether your\nVMware workloads can access or be accessed from the internet.\n\nEach network policy is associated with a VMware Engine network, and\nVMware Engine networks can be either regional or global. *Standard VMware Engine Networks* are global resources, while *Legacy VMware Engine Networks* are regional.\n\nA network policy applies to all private clouds associated with the\nVMware Engine network. For legacy networks, if you have private clouds\ndeployed in more than one region and you want to enable internet access or the\nexternal IP address service, you must create a network policy in each region.\n\nCreate a network policy\n-----------------------\n\nCreate a network policy using the console, `gcloud`, or the API. \n\n### Console\n\nTo create a new network policy using the Google Cloud console:\n\n1. In the Google Cloud console, go to the **Network policies** page.\n\n [Go to Network policies](https://console.cloud.google.com/vmwareengine/network-policies)\n2. Click **Select a project** and then select the organization, folder, or project\n that contains the VMware Engine network you want to associate the\n network policy with.\n\n3. Click **Create**.\n\n4. Provide information about the new network policy:\n\n - **Network policy name:** a name to identify the network policy\n - **Network policy description:** a description of the network policy\n - **VMware Engine network:** the VMware Engine network to associate the policy with\n - **Region:** the region where you want the network policy to apply\n5. In the **Policy details** section, enable or disable network services:\n\n - **Internet access service:** When enabled, VMware Engine allows outbound traffic from internal IP addresses to the internet.\n - **External IP address service:** When enabled, VMware Engine\n lets you [reserve external IP addresses](/vmware-engine/docs/preview/networking/howto-allocate-external-ip) for\n internal IP addresses in the associated private cloud. External IP\n addresses provide inbound traffic access to internal IP addresses from the\n internet.\n\n This service can only be enabled when the internet access service is also\n enabled.\n | **Note:** If you enable internet access and leave the external IP address service disabled, you won't be able to reserve external IP addresses for internal IP addresses covered by this network policy.\n6. In the **Edge services address range** field, enter the IP address range to\n use when addressing the VMware Engine public IP gateway (*/26*\n address range).\n\n7. Click **Create**. VMware Engine begins creating your new network\n policy.\n\n### gcloud\n\nIn `gcloud`, run the [`network-policies create`](/sdk/gcloud/reference/vmware/network-policies/create)\ncommand: \n\n```\ngcloud vmware network-policies create NETWORK_POLICY_ID \\\n --location LOCATION --vmware-engine-network NETWORK_ID \\\n --edge-services-cidr=EDGE_SERVICES_CIDR [--external-ip-access] \\\n [--internet-access]\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eNETWORK_POLICY_ID\u003c/var\u003e: a name for this network policy\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: the location of this network policy; this must match the VMware Engine network\n- \u003cvar translate=\"no\"\u003eNETWORK_ID\u003cvar translate=\"no\"\u003e\u003c/var\u003e\u003c/var\u003e: the VMware Engine network name\n- \u003cvar translate=\"no\"\u003eEDGE_SERVICES_CIDR\u003c/var\u003e: the IP address range to use when addressing the VMware Engine public IP gateway (*/26* address range)\n- `--external-ip-access`: whether to enable external IP addresses to be assigned to VMware workloads. Must also have `--internet-access` enabled.\n- `--internet-access`: whether VMWare workloads can access the internet\n\n### API\n\nIn the API, make a `POST` request: \n\n```\nPOST https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/networkPolicies?networkPolicyId=NETWORK_POLICY_ID\n\n'{\n \"internetAccess\": INTERNET_ACCESS,\n \"externalIp\": EXTERNAL_IP,\n \"vmwareEngineNetwork\": \"projects/PROJECT_ID/locations/LOCATION/vmwareEngineNetworks/NETWORK_ID\"\n \"edgeServicesCidr\": \"EDGE_SERVICES_CIDR\"\n}'\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the project for this request\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: the location of this network policy; this must match the VMware Engine network\n- \u003cvar translate=\"no\"\u003eNETWORK_POLICY_ID\u003c/var\u003e: a name for this network policy\n- \u003cvar translate=\"no\"\u003eINTERNET_ACCESS\u003c/var\u003e: whether VMWare workloads can access the internet; set this to `true` or `false`\n- \u003cvar translate=\"no\"\u003eEXTERNAL_IP\u003c/var\u003e: whether to enable external IP addresses to be assigned to VMware workloads. Must also have `internetAccess` enabled; set this to `true` or `false`.\n- \u003cvar translate=\"no\"\u003eNETWORK_ID\u003cvar translate=\"no\"\u003e\u003c/var\u003e\u003c/var\u003e: the VMware Engine network name\n- \u003cvar translate=\"no\"\u003eEDGE_SERVICES_CIDR\u003c/var\u003e: the IP address range to use when addressing the VMware Engine public IP gateway (*/26* address range)\n\nEdit a network policy\n---------------------\n\n### Console\n\nTo edit an existing network policy using the Google Cloud console, do the following:\n\n1. In the Google Cloud console, go to the **Network policies** page.\n\n [Go to Network policies](https://console.cloud.google.com/vmwareengine/network-policies)\n2. Click **Select a project** and then select the organization, folder, or project\n that contains the VMware Engine network you want to edit the network policy for.\n\n3. In the list of network policies, find the network policy that you want to\n edit.\n\n4. Click the **More** more_vert\n icon at the end of a row and select **Edit**.\n\n5. On the page that appears, adjust the network policy as you need.\n\n6. Click **Save**.\n\n### gcloud\n\nTo update a network policy, use the [`network-policies update` command](/sdk/gcloud/reference/vmware/network-policies/update): \n\n```\ngcloud vmware network-policies update NETWORK_POLICY_ID \\\n --location LOCATION \\\n --edge-services-cidr=EDGE_SERVICES_CIDR [--external-ip-access] \\\n [--internet-access]\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eNETWORK_POLICY_ID\u003c/var\u003e: the name of the network policy\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: the location of this network policy\n- \u003cvar translate=\"no\"\u003eEDGE_SERVICES_CIDR\u003c/var\u003e: the IP address range to use when addressing the VMware Engine public IP gateway (*/26* address range)\n- `--external-ip-access`: whether to enable external IP addresses to be assigned to VMware workloads. Must also have `--internet-access` enabled.\n- `--internet-access`: whether VMWare workloads can access the internet\n\n### API\n\nIn the API, make a `PATCH` request: \n\n```\nPOST https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/networkPolicies?networkPolicyId=NETWORK_POLICY_ID\n\n'{\n \"internetAccess\": INTERNET_ACCESS,\n \"externalIp\": EXTERNAL_IP,\n \"edgeServicesCidr\": \"EDGE_SERVICES_CIDR\"\n}'\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the project for this request\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: the location of this network policy\n- \u003cvar translate=\"no\"\u003eNETWORK_POLICY_ID\u003c/var\u003e: the name of this network policy\n- \u003cvar translate=\"no\"\u003eINTERNET_ACCESS\u003c/var\u003e: whether VMWare workloads can access the internet; set this to `true` or `false`\n- \u003cvar translate=\"no\"\u003eEXTERNAL_IP\u003c/var\u003e: whether to enable external IP addresses to be assigned to VMware workloads. Must also have `internetAccess` enabled; set this to `true` or `false`.\n- \u003cvar translate=\"no\"\u003eEDGE_SERVICES_CIDR\u003c/var\u003e: the IP address range to use when addressing the VMware Engine public IP gateway (*/26* address range)\n\nDelete a network policy\n-----------------------\n\nTo delete an existing network policy, take the following steps. \n\n### Console\n\n1. In the Google Cloud console, go to the **Network policies** page.\n\n [Go to Network policies](https://console.cloud.google.com/vmwareengine/network-policies)\n2. Click **Select a project** and then select the organization, folder, or project\n that contains the VMware Engine network you want to delete the network policy for.\n\n3. In the list of network policies, find the network policy that you want to\n delete.\n\n4. Click the **More** more_vert\n icon at the end of a row and select **Delete**.\n\n### gcloud\n\nIn `gcloud`, use the [`network-policies delete` command](/sdk/gcloud/reference/vmware/network-policies/delete): \n\n```\ngcloud vmware network-policies delete NETWORK_POLICY_ID\n```\n\nReplace \u003cvar translate=\"no\"\u003eNETWORK_POLICY_ID\u003c/var\u003e with the name of the network\npolicy to delete.\n\n### API\n\nMake a `DELETE` request to the network policy resource: \n\n```\nDELETE https://vmwareengine.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/networkPolicies/NETWORK_POLICY_ID\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the project for this request\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: the location of this network policy\n- \u003cvar translate=\"no\"\u003eNETWORK_POLICY_ID\u003c/var\u003e: the name of this network policy\n\nWhat's next\n-----------\n\n- [Manage your private cloud resources and activity](/vmware-engine/docs/private-clouds/howto-manage-private-cloud)."]]