Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section
id132280661
Section
id132280672
Section
background-color$lightGrayColor
id132280660

Topics Discussed

Table of Contents
maxLevel3
minLevel3

Section
id132280662
Note

To fully use this screen, you must have the following permissions assigned to your account:

  • Read Virtual Data Centers
  • Read Firewall
  • Write Firewall


In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several protocols (and ports).

You can combine related protocols (and ports)into a Service Group. For example, if you want to create a firewall rule to block three types of traffic, you do not have to create three separate firewall rules. Instead, you can combine the three types of traffic (protocols and ports) into a single, configurable Service Group. Then, when you create a firewall rule, you can pick the newly created Service Group.


Anchor
Create a service group
Create a service group
Create a Service Group

...

In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several protocols (and ports).

Tip

You can combine related protocols (and ports)into a Service Group. For example, if you want to create a firewall rule to block three types of traffic, you do not have to create three separate firewall rules. Instead, you can combine the three types of traffic (protocols and ports) into a single, configurable Service Group. Then, when you create a firewall rule, you can pick the newly created Service Group.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security.
  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Click Service Groups.
  5. ClickActions, and then clickNew Group.
  6. In Service Group Name, enter a descriptive name.
  7. In Add Members To Group, enter the service or sub-protocol, and then click the plus ( + ) icon.
    • You must add at least one member.
    • You can add multiple members to a service group.

      Service or sub-protocol

      Notes

      Example

      Services (TCP, UDP, etc.)

      You must enter a port number.

      These services are not case-sensitive.

      • tcp/80
      • TCP/80
      • Tcp/80
      • tCp/80
      Additional services (AARP, AH, etc.)

      These additional services are not case-sensitive.

      Do not enter a port number with these additional services.

      • ATALK
      • igmp
      • Gre
      Sub-protocols (echo-reply, redirect, etc.)

      You must enter icmp, followed by the specific sub-protocol.

      You must enter the sub-protocol in lower-case letters.

      Do not enter a port number.

      • icmp/source-host-isolated
      • icmp/time-exceeded
  8. Click Apply.
    • The newly created service group will appear at the bottom of the table.
Note

For a complete list of supported services and sub-protocol, see Review supported services and sub-protocols.


Anchor
Edit a Service Group
Edit a Service Group
Edit a Service Group

...

Insert excerpt
ESLP:Delete or edit a rule or group (snippet)
ESLP:Delete or edit a rule or group (snippet)
nopaneltrue

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Click Service Groups.
  5. Locate and place your cursor over the desired service group.
  6. Click the pencil icon.
  7. Make your changes, and then click Appy to save.


Anchor
Delete a Service Group
Delete a Service Group
Delete a Service Group

...

Note

You cannot delete a service group that is actively used in a firewall rule.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Click Service Groups.
  5. Locate and place your cursor over the desired service group.
  6. Click the trash icon.
  7. Click Delete Service Group.




Was this helpful?

Topics Discussed

Table of Contents
maxLevel3
minLevel3