Toggle Navigation Toggle Navigation
  • Lumen Connect overview
  • Getting started/General
  • Services
  • APIs
  • Monitoring & Reports
  • Billing
  • Admin
  • Support
  • Orders (Wholesale)
  • Other portals overview
  • Media portal
  • DDoS Mitigation & Reporting
  • Security Solutions portal
  • VoIP portal
  • View all product support
  • Infrastructure
  • Connectivity
  • Security
  • Communication
  • Media & Entertainment
  • LSR portal
  • Port Out Request tool
  • Virtual Front Office
  • Readiness overview
  • Product-specific readiness
  • Handbooks
  • All infrastructure services
  • Edge Bare Metal
  • Edge Gateway
  • Edge Private Cloud
  • Encrypted Wavelength Service
  • Network Storage
  • All connectivity services
  • Ethernet On-Demand
  • Fiber+ Internet
  • Internet On-Demand
  • IP VPN On-Demand
  • NaaS Port
  • On-Demand services
  • Troubleshooting tools
  • All security services
  • Adaptive Network Security
  • Adaptive Threat Intelligence
  • Application Delivery Solutions
  • DDoS Hyper
  • DDoS Mitigation Service
  • Lumen Defender Powered by Black Lotus Labs
  • Lumen SASE with Fortinet
  • Lumen SASE with Versa
  • Lumen SASE with VMware
  • Network-based Security
  • SD-WAN with Cisco Meraki
  • SD-WAN with Versa Networks
  • Security Log Monitoring
  • All communication services
  • Cloud Voice
  • Hosted VoIP
  • Local Inbound (LI)
  • Lumen Solutions for Microsoft Teams
  • Lumen Solutions for Webex
  • Lumen Solutions for Zoom
  • Lumen Solutions for Zoom for Government
  • SIP Trunking
  • Unified Communications and Collaboration
  • Voice Complete
  • VoIP Enhanced Local (ELS)
  • VoIP services
  • Vyvx® Broadcast Solutions
  • North America
  • Asia Pacific (APAC)
  • Contact us APIs

Creating a firewall rule to allow internet access for networks

Use Lumen® Private Cloud on VMware Cloud Foundation to create a firewall rule to allow internet access for networks on your Lumen® Edge Private Cloud service. If you do not have a network to add the rule to, you must configure a network.

To create a firewall rule to allow internet access for networks:

  1. Click Networking.

    The Lumen Private Cloud on VMware Cloud Foundation portal shows the Networks screen.
Networking tab.
  1. Click Edge Gateways, then select the edge gateway you want to create the firewall for.
  1. Click Firewall to view a list of firewall rules.
Edge Gateway window showing a list of firewall rules
  1. Click EDIT RULES.
  1. In the Edit Rules window, click NEW ON TOP, then complete the following fields to configure how a rule applies to a network:

    1. Name—Type a name for the network.

    2. Category—Leave this field as User defined.

    3. State—To enable the firewall rule, turn this option on.

    4. Applications—Click the icon, turn on the Choose a specific application option, select the applications for the rule, then click SAVE.

    5. Context—Click the icon, turn on the Choose a specific profile option, select the context for the rule, then click SAVE.

    6. Source—Click the icon, turn on the Any Source option, then click KEEP.

    7. Destination—Click the icon, select the destinations for the rule, then click KEEP. To use any destination, turn on the Any Destination option.

    8. Action—Select one of the following options:

      • Allow—Allow traffic matching the rule to pass, but block any traffic that does not match the rule. 

      • Drop—Discard traffic matching the rule without sending a response.

      • Reject—Block traffic matching the rule.

    9. IP Protocol—Select one of the following versions of IP for the firewall rule:

      • IPv4

      • IPv6

      • IPv4 and IPv6
         
    10. Applied To—Select a specific network to apply the rule.

    11. Logging—To enable logging for the firewall rule, turn this option on.

    12. Logging ID—After the rule is created, the firewall rule ID that generates will show.

    13. Comments—Click the icon, type your comments for the rule, then click SAVE.
  1. Click SAVE.

    The Lumen Private Cloud on VMware Cloud Foundation creates the firewall rule to allow internet access for the network.
  1. If you want to create a NAT (Network Address Translation) rule, click NAT, then click NEW.
Window showing fields to create a NAT rule

Note: Take note of the public IP listed under External IP. You need this to create a SNAT (Source Network Address Translator) rule.

  1. Type a name and description for the rule in the Add NAT Rule window.
  1. Select a NAT Action interface type to configure for the rule. 

  1. Complete the following fields to use Source Network Address Translator (SNAT) to translate the source IP address:

    1. External IP—Type the external IP address as listed on the NAT screen.

    2. Internal IP—Type the internal IP address for the rule.

    3. Destination IP—Type the destination IP address for the traffic.

 

  1. Complete the following fields to use Destination Network Address Translator (DNAT) to translate the destination IP address:

    1. External IP—Type the external IP address as listed on the NAT screen.

    2. External Port—Type the external port for the rule.

    3. Internal IP—Type the internal IP address for the rule.

    4. Application—Click the icon, turn on the Choose a specific application option, select the application to use then click SAVE.

  1. Complete the following fields to prevent translating the internal IP address of packets sent from an organization VDC to an external network or to another organization VDC network:

    1. Internal IP—Type the internal IP address for the rule.

    2. Destination IP—Type the destination IP address for the traffic.

 

  1. Complete the following fields to prevent translating the external IP address of packets received by an organization VDC (virtual data center) from an external network or from another organization VDC network:

    1. External IP—Type the external IP address as listed on the NAT screen.

    2. External Port—Type the external port for the rule.

  1. Complete the following fields to use both DNAT and SNAT depending on ingress or egress traffic:

    1. External IP—Type the external IP address as listed on the NAT screen.

    2. Internal IP—Type the internal IP address for the rule.
  1. In the Advanced Settings section, finish configuring the interface type for the rule:

    1. State—To enable the rule, turn this option on.

    2. Logging—To enable logging for the rule, turn this option on.

    3. Priority—Type the priority of the rule. A lower number signifies priority. For example, 1 is higher than 3. Valid numbers depend on the total number of rules for the edge gateway.

    4. Firewall Match—Select one of the following options to determine how the firewall matches the address during NAT translating if the firewall stage is not skipped:

      • Match Internal Address—Applies the firewall to the internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done.

      • Match External Address—Applies the firewall to the external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done.

      • Bypass—Firewall stage will be skipped.
         
    5. Applied To—Select Public‑1
  1. Click SAVE.

    The Lumen Private Cloud on VMware Cloud Foundation creates the NAT rule.