VMware vCloud Director NSX Tenant Portal Firewall Logs


VMware has released vCloud Director 8.2 for Service Providers, which now includes a new HTML5 interface for the NSX Edge advanced gateway.

As I took a look at this in the lab, I noticed that something was missing from the HTML5 interface, which is actually called the Tenant Portal.

vCloud NSX Edge Gateway Firewall Log Setting

In the original vCloud Edge Gateway firewall rules we had the option to enable logging on a per-rule basis:

VMware vCloud Director Edge Gateway

However, in the new Edge Gateway HTML5 interface (Tenant Portal), we don’t have that option:

VMware vCloud Director Edge Gateway Tenant Portal

If you originally created the firewall rule with logging enabled before converting the Edge Gateway to an Advanced Edge Gateway, then the logging configuration will remain enabled.

When you create a new rule, or want to disable logging on an existing rule, there is currently no way to set the logging option in the Tenant Portal HTML5 interface.

vCloud Edge Advanced Gateway and Enabling Firewall Logs

The good news is that if I need to enable or disable logging of a firewall rule, I can simply do it via the VMware vCenter vSphere Web Client.

Browse to Networking & Security – NSX Edges and double-click the Edge Gateway that you wish to modify. Click the Manage tab, followed by Firewall.

If you don’t see the Log column, select what looks like a calendar next to the search field on the right-hand side and tick the Log option.

VMware vSphere Web Client Edge Gateway

Now that we have the Log column enabled, we can click on the plus symbol and change the Log option to Log or Do not log.

VMware vSphere Web Client NSX Edge Gateway Log

I’ve done some tests whereby I change the rule settings via the vCloud Edge Gateway interface, and I can confirm that the Log settings stick.
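
Because rules created in the Tenant Portal carry no visible logging option, it helps to list which rules on an Edge Gateway are currently unlogged before fixing them in the Web Client. The Python sketch below is an added example, not from the original post: it assumes the Edge Gateway firewall configuration has been exported as XML in the NSX for vSphere layout (firewallRule entries with ruleType, enabled and loggingEnabled elements), the sample document with its rule names and IDs is constructed, and a rule with no loggingEnabled element is assumed to be unlogged.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like an exported NSX edge firewall configuration.
SAMPLE_CONFIG = """<firewall>
  <enabled>true</enabled>
  <defaultPolicy><action>deny</action><loggingEnabled>false</loggingEnabled></defaultPolicy>
  <firewallRules>
    <firewallRule>
      <id>131073</id><name>allow-web</name><ruleType>user</ruleType>
      <enabled>true</enabled><loggingEnabled>true</loggingEnabled><action>accept</action>
    </firewallRule>
    <firewallRule>
      <id>131074</id><name>allow-ssh-mgmt</name><ruleType>user</ruleType>
      <enabled>true</enabled><loggingEnabled>false</loggingEnabled><action>accept</action>
    </firewallRule>
    <firewallRule>
      <id>131075</id><name>old-test-rule</name><ruleType>user</ruleType>
      <enabled>false</enabled><action>deny</action>
    </firewallRule>
    <firewallRule>
      <id>131072</id><name>firewall</name><ruleType>internal_high</ruleType>
      <enabled>true</enabled><loggingEnabled>false</loggingEnabled><action>accept</action>
    </firewallRule>
  </firewallRules>
</firewall>"""


def _is_true(elem, tag, default):
    text = elem.findtext(tag)
    return default if text is None else text.strip().lower() == "true"


def audit_logging(config_xml):
    """Return (user rules without logging, whether the default policy is logged)."""
    root = ET.fromstring(config_xml)
    unlogged = []
    for rule in root.iterfind("./firewallRules/firewallRule"):
        if rule.findtext("ruleType", "user") != "user":
            continue  # skip system-generated rules; only user rules are audited
        if not _is_true(rule, "loggingEnabled", False):  # assumption: absent means off
            unlogged.append({"id": rule.findtext("id"), "name": rule.findtext("name"),
                             "enabled": _is_true(rule, "enabled", True)})
    policy = root.find("defaultPolicy")
    default_logged = policy is not None and _is_true(policy, "loggingEnabled", False)
    return unlogged, default_logged


if __name__ == "__main__":
    print(audit_logging(SAMPLE_CONFIG))
```

Each rule ID it reports can then be looked up in the Firewall tab and switched to Log as described above.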