Configures layer3Sections and layer2Sections for the distributed firewall.

Note

VMware recommends you issue a GET request to retrieve the distributed firewall configuration, modify the configuration, then submit the changes by sending a PUT request.

1. Log in to vCloud Air as an administrator. See Log in to vCloud Air for information.

2. Create a login session with vCloud Director. See Create a Session for a Virtual Data Center in a Service for information.

3. Using the vCloud API, query vCloud Director for the ID of the distributed firewall for which you require firewall rules configuration details. See Querying the vCloud API for information.

Note

Configuring the distributed firewall is possible only when you have the vCloud Air Dedicated Cloud subscription service.

1. Request the current configuration for the distributed firewall. See List Distributed Firewall Configuration.

2. Examine the response and update the required elements.

For a description of each element of the distributed firewall schema, see Schema for Distributed Firewall Configuration.

3. Submit the updated configuration using the following request header and request body:

PUT https://vchs.vmware.com/hybridity/api/firewall/Id/config

In the request header, include the OAuth token and the Accept header that you obtained when creating a login session:

Accept: application/json
Content-Type: application/json
X-Vcloud-Authorization: "vcloud-auth-token"

In the request body, include the schema elements you retrieved and updated from the GET request.

The server returns status 204 NO CONTENT in the response header. The server does not return a response body.

Request Header – Configure the Distributed Firewall

PUT https://vchs.vmware.com/hybridity/api/firewall/Id/config
Accept: application/json
Content-Type: application/json
X-Vcloud-Authorization: "d6eFLOqQYfuEn2MJTp7BQ2ISEO+ZYaEgTcqBy8wZQ6js="

Request Body – Configure the Distributed Firewall

{
"timestamp" : 1454059459104, // Immutable
"contextId" : "75050ff3-8021-41d7-8c4e-debf7de693bc", // Immutable
"layer3Sections" : {   // Layer 3 firewall rules
  "layer3Sections" : [ {
    "id" : "1008",   // Immutable; Auto-generated
    "name" : "Default Section Layer3",   //  Immutable. Cannot be modified
    "generationNumber" : "1454059454766", // Immutable
    "timestamp" : 1454059454766,   // Immutable
    "contextId" : "75050ff3-8021-41d7-8c4e-debf7de693bc",  // Immutable
    "rules" : [ {
      "name" : "Default Rule",
      "id" : 1013,    // Immutable; Auto-generated
      "disabled" : false,   // Enable/Disable rule
      "action" : "allow",   // Action to allow/deny/drop traffic
      "logged" : false,     // Generate logs for this rule | true/false
      "appliedToList" : {   // Where this rule is applied
        "appliedToList" : [ {
          "name" : "Sample26",
          "value" : "75050ff3-8021-41d7-8c4e-debf7de693bc", // Rules apply to Org VDCs
          "type" : "Datacenter",
          "isValid" : true,
          "global" : false
        } ]
      },
      "sectionId" : "1008"  // Rule section ID must match ID of section it is in
    } ]
  } ]
},
"layer2Sections" : {   // These are Layer 2 firewall rules. Layer 3 comments apply
  "layer2Sections" : [ {
    "id" : "1009",
    "name" : "Default Section Layer2",
    "generationNumber" : "1454059459104",
    "timestamp" : 1454059459104,
    "contextId" : "75050ff3-8021-41d7-8c4e-debf7de693bc",
    "rules" : [ {
      "name" : "Default Rule",
      "id" : 1014,
      "disabled" : false,
      "action" : "allow",
      "logged" : false,
      "appliedToList" : {
        "appliedToList" : [ {
          "name" : "Sample26",
          "value" : "75050ff3-8021-41d7-8c4e-debf7de693bc",
          "type" : "Datacenter",
          "isValid" : true,
          "global" : false
        } ]
      },
      "sectionId" : "1009"
    } ]
  } ]
},
"generationNumber" : "1454059459104"
}
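
The following added example (not VMware's code) checks an edited configuration against the GET response before it is submitted with PUT: the section-level and top-level fields annotated as immutable in the request body above must be unchanged, and each rule's sectionId must match the id of the section that contains it. The function names and the trimmed RETRIEVED sample are constructed for illustration, and the check assumes the update edits existing sections only.

```python
import copy

# Fields the page's annotated request body marks as immutable.
TOP_IMMUTABLE = ("timestamp", "contextId", "generationNumber")
SECTION_IMMUTABLE = ("name", "generationNumber", "timestamp", "contextId")

def sections(config):
    """Yield (layer, section); each layer key wraps a list of the same name."""
    for layer in ("layer3Sections", "layer2Sections"):
        for section in config.get(layer, {}).get(layer, []):
            yield layer, section

def validate_update(retrieved, updated):
    """List problems in the PUT body `updated` relative to the GET response."""
    problems = [f"{k}: immutable field changed"
                for k in TOP_IMMUTABLE if retrieved.get(k) != updated.get(k)]
    original = {(layer, s.get("id")): s for layer, s in sections(retrieved)}
    for layer, sec in sections(updated):
        where = f"{layer}[{sec.get('id')}]"
        base = original.get((layer, sec.get("id")))
        if base is None:
            # Assumption: only existing sections are edited, so the id was altered.
            problems.append(f"{where}: section id not in retrieved configuration")
            continue
        problems += [f"{where}.{k}: immutable field changed"
                     for k in SECTION_IMMUTABLE if base.get(k) != sec.get(k)]
        for rule in sec.get("rules", []):
            if rule.get("sectionId") != sec.get("id"):
                problems.append(f"{where} rule {rule.get('name')!r}: sectionId mismatch")
    return problems

# Constructed sample: trimmed copy of the page's request body, standing in for GET output.
RETRIEVED = {
    "timestamp": 1454059459104, "generationNumber": "1454059459104",
    "contextId": "75050ff3-8021-41d7-8c4e-debf7de693bc",
    "layer3Sections": {"layer3Sections": [{
        "id": "1008", "name": "Default Section Layer3",
        "generationNumber": "1454059454766", "timestamp": 1454059454766,
        "contextId": "75050ff3-8021-41d7-8c4e-debf7de693bc",
        "rules": [{"name": "Default Rule", "id": 1013, "disabled": False,
                   "action": "allow", "logged": False, "sectionId": "1008"}]}]},
}

if __name__ == "__main__":
    edited = copy.deepcopy(RETRIEVED)
    section = edited["layer3Sections"]["layer3Sections"][0]
    section["rules"][0]["logged"] = True   # permitted edit: enable logging
    section["name"] = "Renamed"            # not permitted: section name is immutable
    print(validate_update(RETRIEVED, edited))
```

An empty list means the edited body keeps every checked field intact and can be sent as the PUT request body.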