Creating firewall rules for an Edge Gateway

Introduction

This guide describes how to add firewall rules to environments within the VDC service.

In this scenario, firewall rules can only be managed with a Virtual Data Center that is provisioned with an Edge Gateway.

With an Edge Gateway you can create firewall rules on incoming traffic, outgoing traffic, or both, to control the security of your environment.

Prerequisites

To use specific IP addresses or custom ports, you must create IP Sets and Application Port Profiles before creating a rule.

Application Port Profiles:

More than 400 applications are already available, built in to an Edge Gateway.

  • Click on the Virtual Data Center where there is an Edge Gateway

  • Select Edges from the menu to the left

  • Select the Edge

  • Under Security, go to the section named Application Port Profiles and click New

 


 

  • Enter the application name and description. Select the protocol and enter the required port(s).
    Then, click on Save.

 


 

IP Sets

  • Go to the section named IP Sets

  • Click New

  • Name: Enter a name for the IP Set

  • Description: Provide a description if required

  • IP Addresses: Provide a valid IPv4 or IPv6 address, range, or CIDR. Click Add

  • Click Save when done
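
An added example, not part of the original guide or the portal's own tooling: a Python check to run over planned IP Set entries before typing them into the form. It assumes ranges are written as start-end, which the guide does not specify; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def check_ip_set_entry(entry):
    """Return (kind, normalized, warnings) for one entry, or raise ValueError."""
    text = entry.strip()
    warnings = []
    if "-" in text:
        # Assumed range syntax: "start-end", both ends in the same address family.
        start_s, end_s = (part.strip() for part in text.split("-", 1))
        start = ipaddress.ip_address(start_s)
        end = ipaddress.ip_address(end_s)
        if start.version != end.version:
            raise ValueError(f"range mixes IPv4 and IPv6: {text}")
        if int(start) > int(end):
            raise ValueError(f"range start is above range end: {text}")
        return "range", f"{start}-{end}", warnings
    if "/" in text:
        # ip_interface keeps the typed address so stray host bits can be reported.
        iface = ipaddress.ip_interface(text)
        net = iface.network
        if iface.ip != net.network_address:
            warnings.append(f"host bits set; network is {net}")
        if net.prefixlen == 0:
            warnings.append("matches every address, same effect as Any")
        return "cidr", str(net), warnings
    return "address", str(ipaddress.ip_address(text)), warnings

def review_ip_set(entries):
    """Split entries into accepted (with warnings) and rejected (with reason)."""
    accepted, rejected = [], []
    for entry in entries:
        try:
            accepted.append(check_ip_set_entry(entry))
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    return accepted, rejected

# Constructed sample entries (mostly documentation address space), not from the guide.
SAMPLE = [
    "192.0.2.10", "198.51.100.0/24", "203.0.113.7/24",
    "192.0.2.20-192.0.2.5", "2001:db8::/32", "0.0.0.0/0", "10.0.0.256",
]

if __name__ == "__main__":
    ok, bad = review_ip_set(SAMPLE)
    for kind, value, warns in ok:
        print(f"OK   {kind:8} {value} {'; '.join(warns)}")
    for entry, reason in bad:
        print(f"BAD  {entry}: {reason}")
```

An entry that passes with a warning is still worth a second look: a /0 prefix in an IP Set makes a rule that appears scoped behave like Any.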

 

 

 

Procedure

Log in to https://portal.cloudist.se

Select the Virtual Data Center service

Select the Virtual Data Center and click the Virtual Data Center name

  • Click on the Virtual Data Center where there is an Edge Gateway

  • Select Edges from the menu to the left

  • Select the Edge and then click Services

  • Click on IP Allocations, then locate/note your allocated IP(s)

  • Go to the Firewall section and click on Edit Rules

 

  • Click on New at the top

  • Name: Name your firewall rule

  • Applications: Click on the pencil to select a specific application/port for the rule, either default or custom, or leave unselected for Any.

  • Click on Save

 

  • Source: Click on the pencil to select the source for this firewall rule, either your pre-configured IP Set, or toggle Any Source for any.

  • Click on Keep

  • Destination: Click on the pencil to select the destination for this firewall rule, either your pre-configured IP Set, or toggle Any Destination for any.

  • Click on Keep

  • Action: Choose between Allow or Drop

 

  • Click Save to apply the rule