Summary: The virtual machines in a vApp can connect to vApp networks (isolated or routed) and organization networks (direct or fenced). You can add networks of different types to a vApp to address multiple networking scenarios. Select the Networking tab in a vApp and select the Show networking details check box to view a list of the networks that are available to the vApp. Virtual machines in the vApp can connect to these networks. If you want to connect a virtual machine to a different network, you must first add it to the vApp.A vApp can include vApp networks and organization networks. A vApp network can be isolated by selecting None in the Connection drop-down menu. An isolated vApp network is totally contained within the vApp. You can also route a vApp network to an organization network to provide connectivity to virtual machines outside of the vApp. For routed vApp networks, you can configure network services, such as a firewall and static routing.There's also a possibility to connect a vApp directly to an organization network. If you have multiple vApps that contain identical virtual machines connected to the same organization network and you want to start the vApps at the same time, you can fence the vApp. This allows you to power on the virtual machines without conflict, by isolating their MAC and IP addresses.It's also possible configure certain vApp networks to provide firewall services. Enable the firewall on a vApp network to enforce firewall rules on incoming traffic, outgoing traffic, or both. When you enable the firewall, you can specify a default firewall action to deny all incoming and outgoing traffic or to allow all incoming and outgoing traffic. You can also add specific firewall rules to allow or deny traffic that matches the rules to pass through the firewall. These rules take precedence over the default firewall action.
