
Note

To fully use this screen, you must have the following permissions assigned to your account:

  • Read Virtual Data Centers

  • Read Firewall

  • Write Firewall

  • Write Entity Meta Data

  • Read Entity Meta Data

...

Create a Firewall Rule with a New IP Address Group

In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several IP addresses or just a single IP address.

Tip

You can combine related IP addresses into a single IP Group. For example, if you want to block traffic from three separate IP addresses, you do not have to create three separate firewall rules. Instead, you can combine the three IP addresses into a single, configurable IP Group. Then, when you create a firewall rule, you can pick the newly created IP Group as your Source or Destination IP addresses.

Step 1: Create an IP Group

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Click IP Groups.

  5. Click Actions, and then click New Group.

  6. In Name of IP Group, enter a descriptive name.

  7. In IP Addresses, enter a member, and then click the plus icon.

    • You can enter:

      • A single IP address

      • A range of IP addresses

      • CIDR

    • You must add at least one member.

    • You can add multiple members to an IP group.

  8. Click Create Group.

    • The newly created IP group will appear at the bottom of the table.

Step 2: Create a Service Group

In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several protocols (and ports).

Tip

You can combine related protocols (and ports) into a Service Group. For example, if you want to create a firewall rule to block three types of traffic, you do not have to create three separate firewall rules. Instead, you can combine the three types of traffic (protocols and ports) into a single, configurable Service Group. Then, when you create a firewall rule, you can pick the newly created Service Group.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Click Service Groups.

  5. Click Actions, and then click New Group.

  6. In Name of Service Group, enter a descriptive name.

  7. In Services, enter the service or sub-protocol, and then click the plus ( + ) icon.

    • You must add at least one member.

    • You can add multiple members to a service group.

      | Service or sub-protocol | Notes | Example |
      |---|---|---|
      | Services (TCP, UDP, etc.) | You must enter a port number. These services are not case-sensitive. | Tcp/80, TCP/80, Tcp/80, TCp/80 |
      | Additional services (AARP, AH, etc.) | These additional services are not case-sensitive. Do not enter a port number with these additional services. | ATALK, igmp, Gre |
      | Sub-protocols (echo-reply, redirect, etc.) | You must enter icmp, followed by the specific sub-protocol. You must enter the sub-protocol in lower-case letters. Do not enter a port number. | icmp/source-host-isolated, icmp/time-exceeded |


  8. Click Create Group.

    • The newly created service group will appear at the bottom of the table.

Info

For a complete list of supported services and sub-protocols, see Review supported services and sub-protocols.
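
As an added example (not Armor's code), the following pre-check tests Service Group member strings against the entry rules in the table above before they are typed into the portal. The name sets hold only the services and sub-protocols this page mentions; the single-port range 1-65535 and the lower-case icmp prefix are assumptions.

```python
import re

# Only the names this page mentions; the portal's full list lives in
# "Review supported services and sub-protocols" and is not reproduced here.
PORT_SERVICES = {"tcp", "udp"}
PORTLESS_SERVICES = {"aarp", "ah", "atalk", "igmp", "gre"}
ICMP_SUBPROTOCOLS = {"echo-reply", "redirect", "source-host-isolated",
                     "time-exceeded"}


def check_service_entry(entry):
    """Return (ok, reason) for one Service Group member string."""
    name, slash, rest = entry.strip().partition("/")
    if name.lower() in PORT_SERVICES:
        # Name is case-insensitive; a port number is mandatory.
        if not re.fullmatch(r"[0-9]{1,5}", rest):
            return False, "port number required"
        if not 1 <= int(rest) <= 65535:  # assumption: single port, 1-65535
            return False, "port out of range"
        return True, "service with port"
    if name.lower() in PORTLESS_SERVICES:
        # Name is case-insensitive; a port number is not accepted.
        if slash:
            return False, "no port allowed"
        return True, "additional service"
    if name.lower() == "icmp":
        if rest.isdigit():
            return False, "no port allowed"
        if name != "icmp" or rest != rest.lower():
            # Assumption: the icmp prefix is lower-case too, as in the examples.
            return False, "must be lower-case"
        if rest not in ICMP_SUBPROTOCOLS:
            return False, "sub-protocol missing or not in this list"
        return True, "icmp sub-protocol"
    return False, "service not in this list"


def rejected_entries(entries):
    """Return (entry, reason) pairs for members that fail the checks."""
    results = ((e, check_service_entry(e)) for e in entries)
    return [(e, reason) for e, (ok, reason) in results if not ok]


# Constructed sample input, not taken from a real export.
SAMPLE = ["Tcp/80", "TCp/80", "udp", "ATALK", "igmp", "Gre/47",
          "icmp/time-exceeded", "icmp/Time-Exceeded", "icmp/8"]

if __name__ == "__main__":
    for entry, reason in rejected_entries(SAMPLE):
        print(f"{entry!r}: {reason}")
```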

Step 3: Create a Firewall Rule

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top menu, click the corresponding data center.

  4. On the Rules tab, click Actions, and then click New Rule.

    • If you do not see Actions, then click Create a Firewall Rule.

  5. In Name of Rule, enter a descriptive name.

  6. Under Action, select Allow to allow specified traffic to access your virtual machine, or Block to block specified traffic.

  7. Under Status, select Enabled to create the rule in an enabled status, or Disabled to create the rule in a disabled status.

  8. In Source, select the name of the desired IP Group.

    1. If the desired IP Group is not listed, click + New IP Group to create a new IP Group, then follow the steps outlined in Create an IP group.

  9. In Destination, select the name of the desired destination.

    1. If the desired destination is not listed, click + New IP Group to create a new IP Group, then follow the steps outlined in Create an IP group.

  10. In Services, select the name of the desired Service Group.

    1. If the desired Service Group is not listed, click + New Service Group to create a new Service Group, then follow the steps outlined in Create a service group.

  11. Click Save.

Info

After you create a rule, Armor recommends that you place the rule in the correct order. To learn more, see Reorder a Firewall Rule.

Create a Firewall Rule with an Existing IP Address Group and Service Group

To create a new firewall rule with an existing IP Group and Service Group, simply follow the instructions outlined in Create a firewall rule.

Note

If you have not created an IP Group or Service Group, and you want to create a new firewall rule, see Create a firewall rule with a new service group and new IP Group.

Info

After you create a rule, Armor recommends that you place the rule in the correct order. To learn more, see Reorder a firewall rule.

Reorder a Firewall Rule

...

Note

The Armor default rule that displays at the bottom of the table cannot be re-ordered.

...


Refresh the Status of a Firewall Rule

...

You can manually refresh the status of an individual firewall rule. This will allow you to see the status of the firewall rule transition from a Pending status.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Locate and hover over the desired firewall rule.

  5. Click the vertical ellipses.

  6. Click Refresh Rule.

You can also manually refresh the status of all firewall rules at once.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Click Actions, and then click Refresh Page.

Edit a Firewall Rule

...

Edit a Firewall Rule

Warning

You cannot edit or delete a rule or group that is in a Pending or Error state. To make changes, the rule must be in an Enabled or Disabled state; the group must be in a Ready To Use or In Use state.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Locate and hover over the desired firewall rule.

  5. Click the vertical ellipses.

  6. Click Edit Rule.

  7. Make any desired changes to the firewall rule.

  8. Click Save.

Remove a Source, Destination, or Service Group

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Locate and hover over the desired firewall rule.

  5. Click the vertical ellipses.

  6. Click Edit Rule.

    1. Hover over the desired Source, then click the trash can icon.

    2. Hover over the desired Destination, then click the trash can icon.

    3. Hover over the desired Service Group, then click the trash can icon.

  7. Click Save.

    Note

    To save a rule, you must have an entry in each of the Source, Destination, and Services sections.


Enable or Disable a Firewall Rule

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Hover over the desired firewall rule.

  5. Click the vertical ellipses.

  6. Click Enable Rule or Disable Rule.

  7. Click Enable Rule or Disable Rule again.

Delete a Firewall Rule

Warning

You cannot edit or delete a rule or group that is in a Pending or Error state. To make changes, the rule must be in an Enabled or Disabled state; the group must be in a Ready To Use or In Use state.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.

  4. Hover over the desired firewall rule.

  5. Click the vertical ellipses.

  6. Click Delete Rule.

  7. Click Delete Rule again.

Manage Firewall Rule Notes

...

Note

In order to create, view or edit notes for your firewall rules, you must have the following permissions enabled:

  • Write Entity Meta Data

  • Read Entity Meta Data

Add a Firewall Rule Note

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then click the corresponding data center.

  4. Locate and hover over the desired firewall rule.

  5. Click the vertical ellipses.

  6. Click View/Edit Notes.

  7. In Notes, enter the desired text.

  8. Click Submit.

    Info

    A note icon will display next to the Name of the firewall rule that was updated. Click the icon to view the note.


View a Firewall Rule Note

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then click the corresponding data center.

  4. Locate and hover over the desired firewall rule.

  5. Next to the Name, click the note icon.

    1. Or, click the vertical ellipses, then click View/Edit Notes.

Export Firewall Data

...

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Firewall.

  3. If you have virtual machines in various data centers, then click the corresponding data center.

  4. Select Rules, IP Groups, or Service Groups to filter the data.

  5. (Optional) Use the filter function to customize the data displayed.

  6. In the bottom-right part of the screen, click CSV.

    • You have the option to export all the data (All) or only the data that appears on the current screen (Current Set).

      | Data type | Data displayed |
      |---|---|
      | Rules | Order, Name, Sources, Destinations, Services, Action, Enabled, Notes |
      | IP Groups | Name, Ips, Ranges, Cidrs, Notes |
      | Service Group | Name, Udp, Tcp, Icmp, Notes |