Setting up VEG for Internet access
1) Go to Networking -> Edges. Click on VEG. The parameters of the selected VEG are displayed below.
2) The IP Addresses section contains the external IP address of the VEG and the name of the external network. These parameters are required to configure NAT and Firewall. Memorize them or write them down.
3) Click CONFIGURE SERVICES.
4) In the NAT tab, click + SNAT RULE to create a SNAT rule that will allow the VM from the internal network to go to the Internet using the external IP address of the VEG. In the rule settings window, specify:
Applied on - external network connected to VEG (see point 2).
Description - enter a description. This will help you understand in the future what the rule was created for.
Original (Internal) source IP / range - specify the range of addresses of the data center network, which the VMs are connected to. You can also specify the entire network, for example 192.168.0.0/24.
Translated (External) source IP / range - specify the external IP address of the VEG (see item 2).
Enabled - enable the rule.
Click KEEP to add the rule. Click Save changes.
5) Go to the Firewall tab and click +. A row of the new rule will appear in the table.
By default, the Firewall is in Deny mode - traffic blocking. It is recommended to follow this principle for the rules: everything is prohibited except the allowed traffic. Thus, in the rules, you specify which traffic to allow.
To create a rule, specify:
Name - the name of the rule. For example, the Internet.
Source - specify the range of addresses which access is granted for. You can also specify the entire network, for example 192.168.0.1/24. Use internal to specify all internal networks.
Destination - in this case, you need to allow "any external address". Use the external value.
Service - in this case, you need to allow any protocol. Click +, set the value to any.
Action – Accept.
6) Click Save changes.
Connect to the virtual