Datacenter Firewall (newb)

[Malsori]

So im new to this, and have set up a couple of VMs just to check how things work. I also set up alot of rules just to learn how firewall works. But when I thought I was done, I made a rule in the datacenter firewall that my PC (source) cant ssh port 22 tcp to one of my VMs, and this i did just to see that the rule worked. Since the UFW is on and allowed ssh, and the service is enabled in the vm should not mattred since the datacenter firewall should stop this traffic before it even reach the VM? I did try to choose the virtual interface in the rules, I even droped all traffic from my pc to one VM without specifying port or proto and I could still reach it. Obvs Ive been doing this all wrong, and I can read about myself, but just tell me what the problem here is.

 

[_gabriel]

Datacenter firewall rules are applied to Host(s) / Node(s) not to VM.
Firewall Rules for VM are to be set "Per VM".

 

[Malsori]

Datacenter firewall rules are applied to Host(s) / Node(s) not to VM.
Firewall Rules for VM are to be set "Per VM".

I see, i thought since it lets me choose any Vm and the virtual interface it would stop that traffic before reaching the vms. Logically the vms goes through the virtual int when communicating outside and stopping traffic there would be effective was my thinking. I guess I hade it wrong. I will try setting the rules on the vms instead, much appreciated