A firewall needs a set of rules in order to do its job. Each rule tells the firewall what traffic to allow or deny, which VM the rule applies to, which ports on that VM the traffic is directed to (or restricted from), and which protocols to allow. When setting up rules, you will need to know the IP addresses and port numbers for the traffic you want to allow or deny. The IP addresses of your VMs (Destinations) are provided for you in the drop-down menu.
You can view a list of common port numbers in the Port Numbers topic.
No more than 15 ports may be added to any firewall rule's destination or source list.
To add a new rule:
- Sign in to the Client Portal.
- Open the Manage mega menu.
- Click the Virtual Firewalls link under the Public Cloud heading.
- Click Add Rule.
- Enter a name for the rule in the Rule Name field. Be as descriptive as possible; this list can get pretty long!
- If you wish the rule to be active immediately, click to select the Rule Enabled checkbox on the right.
  Inactive rules are ignored by the firewall.
- Select a rule Type by clicking the slider (default is ALLOW which displays as a green slider):
  - ALLOW. Select this option if you are creating a rule to allow traffic from outside sources to one of your VMs.
  - DENY. Select this option if you are creating a rule to block traffic from outside sources to one of your VMs.
- Select a Source/Net Host from the radio buttons:
  - Any Source/Net Host IP. Select this option if you wish the rule to apply to any source/net host.
  - Specify a Source IP. Use this option to specify the source, then enter the source IP in the text field provided. You may enter a single IP address in the x.x.x.x format, a range of IP addresses written without spaces (x.x.x.1-x.x.x.5), or a subnet in the x.x.x.x/y format.
- Select an option in the next set of radio buttons labeled ...from this Port:
  - Any. Select this option if you wish the rule to apply to any source port.
  - Specify Port/s. Use this option to specify the source port, then enter a valid port number from 1 to 65535 in the provided field. Multiple ports are allowed, but please separate port numbers with a comma.
- Select a Destination from the ...being sent to radio button set:
  - Any VM, ANY IP.
  - Specify VM. Select this, then select a Node, a VM, and an IP address from the pop-up wizard (click OK when complete).
- Select a Service from the drop-down menu labeled Using this service (more information about these services can be found in the Port Numbers topic).
- Select a Protocol from the drop-down menu labeled & Protocol (more information about these protocols can be found in the Port Numbers topic).
- Select a Destination Port from the drop-down menu:
  - Any. Select this option if you wish the rule to apply to any destination port on the VM.
  - Specify. Use this option to specify the port, and then enter a port number in the text field provided. Multiple ports are allowed, but please separate port numbers with a comma.
- Enter a port number in the field labeled ...to port/s (more information about these port numbers can be found in the Port Numbers topic).
- Click Add/Update Rule.
- You can immediately commit your changes by clicking Apply All Changes, or you can continue making changes by clicking Make More Rule Changes.
- Adjust the priority of your new rule as necessary using the Move Up and Move Down links found in the Actions pop-up menu. Alternatively, you can right-click on a Rule to open the Available Actions pop-up menu.
- Click Apply Changes at the top of the Firewall Rules list to save the new rules.
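
The field formats described in the steps above (single IP, range without spaces, x.x.x.x/y subnet, comma-separated ports from 1 to 65535, at most 15 ports per list) can be checked before a rule is typed into the portal. The following is an added example, not code from the portal or its vendor; the function names, dictionary keys and sample rule are hypothetical, IPv4 is assumed, and the portal's own validation may differ.

```python
import ipaddress

MAX_PORTS = 15  # the page's limit per source or destination port list

def parse_ports(field):
    """Return None for 'Any', else the validated list of port numbers."""
    if field.strip().lower() == "any":
        return None
    ports = []
    for item in (p.strip() for p in field.split(",")):
        if not (item.isascii() and item.isdigit() and 1 <= int(item) <= 65535):
            raise ValueError(f"invalid port {item!r} (must be 1 to 65535)")
        ports.append(int(item))
    if len(ports) > MAX_PORTS:
        raise ValueError(f"{len(ports)} ports given, limit is {MAX_PORTS}")
    return ports

def parse_source(field):
    """Classify a source entry as any, single, range or subnet."""
    field = field.strip()
    if field.lower() == "any":
        return ("any", None)
    if " " in field:
        raise ValueError("source must be written without spaces")
    if "/" in field:
        return ("subnet", ipaddress.IPv4Network(field, strict=False))
    if "-" in field:
        lo, hi = (ipaddress.IPv4Address(p) for p in field.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end")
        return ("range", (lo, hi))
    return ("single", ipaddress.IPv4Address(field))

def review_rule(rule):
    """Return a list of problems; an empty list means the fields are valid."""
    problems, parsed = [], {}
    for key, parser in (("source", parse_source), ("source_ports", parse_ports),
                        ("dest_ports", parse_ports)):
        try:
            parsed[key] = parser(rule[key])
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    if (rule["type"] == "ALLOW" and parsed.get("source") == ("any", None)
            and "dest_ports" in parsed and parsed["dest_ports"] is None):
        problems.append("warning: ALLOW from any source to any destination port")
    return problems

# Constructed sample rule (documentation address range, not from the page).
SAMPLE = {"type": "ALLOW", "source": "203.0.113.1-203.0.113.5",
          "source_ports": "Any", "dest_ports": "22, 443"}
```

Calling `review_rule(SAMPLE)` returns an empty list; the warning entry is a review prompt for very broad ALLOW rules, not a format error.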