Abiquo 4.6.1 enables you to define a default firewall for a virtual datacenter where firewall policies are available. When the user creates a VM, the platform will assign the default firewall. The firewall ruleset applies to VMs, not individual NICs on the VMs. Changes to the firewall ruleset will apply to every VM in the virtual datacenter with the default firewall.
The privilege to use this feature is assigned to the CLOUD_ADMIN role by default.
The administrator can set or unset the default firewall on the VDC Firewalls tab with the star button.
If the administrator does not set a default firewall but the provider requires one (for example, AWS), the platform will set the provider's default firewall.
The administrator can also set or unset the default firewall option when editing a firewall if the cloud provider or infrastructure enables the user to edit firewalls.
When the platform captures a VM, it does not apply the default firewall.
The user can remove the default firewall when editing the VM. However, if the provider requires a firewall and the user does not supply another one, the platform will assign the default firewall again.
The administrator can also add or remove a default firewall when editing a virtual datacenter. Note that you cannot set the default firewall before you create the virtual datacenter because the firewall belongs to the virtual datacenter and it must be created within an existing virtual datacenter.
When the platform creates a VApp from a spec, the platform will assign the firewall defined in the VApp spec. If a VM has no firewall in the spec, and the virtual datacenter has a default firewall, then the platform will assign the default firewall to the VM.
When you set a default firewall in a VDC with existing VMs, the platform will not assign the firewall to these VMs.
When you create a default firewall and then edit an existing VM that has no firewall, the platform will display a warning message.
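Because the default firewall is not applied to captured VMs or to VMs that already existed when it was set, a VDC can hold VMs that its default ruleset never reaches. The following added example (not Abiquo code and not an Abiquo API client) models the assignment rules above and audits an inventory for those gaps; the class names, field names, firewall names and sample VMs are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class VDC:
    default_firewall: Optional[str]           # firewall starred as default, if any
    provider_requires_firewall: bool = False  # e.g. AWS
    provider_default: Optional[str] = None    # provider's own default firewall

@dataclass
class VM:
    name: str
    origin: str                               # created | spec | captured | existing
    firewalls: List[str] = field(default_factory=list)

def assigned_firewall(vdc: VDC, origin: str,
                      spec_firewall: Optional[str] = None) -> Optional[str]:
    """Firewall the platform assigns when a VM arrives, per the rules above."""
    if origin in ("captured", "existing"):
        return None                           # default firewall is not applied
    if origin == "spec" and spec_firewall:
        return spec_firewall                  # the VApp spec's firewall is used
    if vdc.default_firewall:
        return vdc.default_firewall
    # No default set: only a provider that requires a firewall supplies its own.
    return vdc.provider_default if vdc.provider_requires_firewall else None

def audit(vdc: VDC, vms: List[VM]) -> Tuple[List[str], List[str]]:
    """Return (VMs with no firewall, VMs that default-ruleset changes do not reach)."""
    unprotected = [vm.name for vm in vms if not vm.firewalls]
    off_default = [vm.name for vm in vms
                   if vm.firewalls and vdc.default_firewall not in vm.firewalls]
    return unprotected, off_default

def build_inventory(vdc: VDC) -> List[VM]:
    """Constructed sample: one VM per arrival path described on this page."""
    arrivals = [("web-01", "created", None), ("app-01", "spec", "fw-app"),
                ("app-02", "spec", None), ("legacy-01", "existing", None),
                ("import-01", "captured", None)]
    vms = []
    for name, origin, spec_fw in arrivals:
        fw = assigned_firewall(vdc, origin, spec_fw)
        vms.append(VM(name, origin, [fw] if fw else []))
    return vms

if __name__ == "__main__":
    vdc = VDC(default_firewall="fw-default")
    print(audit(vdc, build_inventory(vdc)))
```

In practice the inventory would come from your own export of the VDC's VMs; the first list is the one to close out by attaching a firewall manually.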