A firewall is used to protect VMs from unauthorized traffic and allow permissible traffic to the VM based upon rules that you set up.
Each organization has one firewall. That firewall can be configured to allow and disallow traffic on any virtual machine in the organization.
To access the firewall options:
- Sign in to the Client Portal.
- Open the Manage mega menu.
- Click Virtual Firewalls under the Public Cloud section.
Working With Firewall Rules
This screen lists all of your firewall rules, sorted by Node. You will need it when ordering and troubleshooting your firewall rules. To begin, select an available node from the Select a Node drop-down menu.
Any time you add a new firewall rule, it is placed in this list in the order it was created. You'll notice, however, that a Priority column exists on the far left of the list. You need to tell the system which order to process the firewall rules in. To do this, simply click Actions in the row of the rule you wish to move, then click the Move Up or Move Down links at the bottom left of the list.
Once you've done that, click the Apply Changes link at the top of the Firewall Rules List to save your changes.
Facts About Firewall Rules
These general rules apply to the firewall:
- There is no limit to how many rules you can have.
- If the firewall is off, ALL traffic will be allowed access to your VMs.
- Only Active rules are looked at by the firewall. Rules set to Not Active will be ignored.
- When the firewall is off, Active rules are ignored as well.
- Denies always have priority over Allows. If you have two rules that are identical except for the Allow/Deny, the Deny will be given preference and traffic will be denied.
- The system has a built-in DENY ALL rule that is processed last, but does not show up in the list. Once you've enabled the firewall, you must create Allow rules to allow traffic to reach your VMs.
- The system has a built-in Load Balancer rule that appears as an icon at the top-right of the Firewall Rules List. This rule is necessary to ensure that your load balancer works as expected no matter how many firewall rules exist.
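The evaluation behaviour listed above can be modelled in a few lines to check a planned ruleset before applying it. This is an added example, not the provider's code: the rule fields (source CIDR, destination port) and the "first matching Active rule in Priority order decides" behaviour are assumptions, the built-in Load Balancer rule is not modelled, and the sample rules are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    source: str          # source CIDR (assumed rule field)
    port: int            # destination port (assumed rule field)
    active: bool = True  # rules set to Not Active are ignored

    def criteria(self):
        return (self.source, self.port)

    def matches(self, src_ip, port):
        return port == self.port and ip_address(src_ip) in ip_network(self.source)

def decide(rules, firewall_on, src_ip, port):
    """Return 'allow' or 'deny' for one inbound connection.

    `rules` is given in Priority order. Assumption: the first matching
    Active rule decides the outcome."""
    if not firewall_on:
        return "allow"                       # firewall off: ALL traffic is allowed
    live = [r for r in rules if r.active]    # only Active rules are looked at
    for rule in live:
        if rule.matches(src_ip, port):
            # A Deny beats an otherwise identical Allow, whatever their order.
            if any(o.action == "deny" and o.criteria() == rule.criteria() for o in live):
                return "deny"
            return rule.action
    return "deny"                            # built-in DENY ALL, processed last

def shadowed_allows(rules):
    """Active Allow rules that never take effect because an identical Active Deny exists."""
    denies = {r.criteria() for r in rules if r.active and r.action == "deny"}
    return [r for r in rules if r.active and r.action == "allow" and r.criteria() in denies]

# Constructed sample ruleset (documentation address ranges), in Priority order.
RULES = [
    Rule("allow", "203.0.113.0/24", 22),
    Rule("deny", "203.0.113.0/24", 22),             # identical except for Allow/Deny
    Rule("allow", "0.0.0.0/0", 443),
    Rule("allow", "198.51.100.0/24", 3389, active=False),
]
```

Running `shadowed_allows` over a planned ruleset flags Allow rules that an identical Deny overrides, and calling `decide` with `firewall_on=False` shows what becomes reachable when the firewall is disabled.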
Any changes you make on any of the following screens require that you click Apply Changes when you return to the Firewall screen after completing the task. If you leave the screen without committing the changes, your edits will be lost.
The following icons display at the top of the screen, allowing for further firewall configurations:
- Add Rule. Use this link to add a new rule to the firewall.
- Select a Node.
- Enable/Disable the Firewall. This link displays differently according to the current state of the firewall, and the Remote Access status of the firewall.
- Remote Access. Use Remote Access to block all traffic to all VMs except via ports 22 and 3389 and the Console.
The following Actions are available by right-clicking on a rule in the list:
- Delete. Used to delete a rule.
- Modify. Used to make changes to existing rules.
- Move Up/Move Down. Use these to move the rule up or down in the list of rules for the firewall.