Topics Discussed:
To fully use this screen, you must have the following permissions assigned to your account:
Read Virtual Data Centers
Read Firewall
Write Firewall
Write Entity Meta Data
Read Entity Meta Data
Create a Firewall Rule
Create a Firewall Rule with a New IP Address Group
In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several IP addresses or just a single IP address.
You can combine related IP addresses into a single IP Group. For example, if you want to block traffic from three separate IP address, you do not have to create three separate firewall rules. Instead, you can combine the three separate IP addresses into a single, configurable IP Group. Then, when you create a firewall rule, you can pick the newly created IP Group as your Source or Destination IP addresses.
Create a Firewall Rule with an Existing IP Address Group and Service Group
To create a new firewall rule with an existing IP Group and Service Group, simply follow the instructions outlined in Create a firewall rule.
If you have not created an IP Group or Service Group, and you want to create a new firewall rule, see Create a firewall rule with a new service group and new IP Group.
After you create a rule, Armor recommends that you place the rule in the correct order. To learn more, see Reorder a firewall rule.
Reorder A Firewall Rule
The Armor default rule that displays at the bottom of the table cannot be re-ordered.
In the Armor Management Portal (AMP), on the left-side navigation, click Security.
Click Firewall.
Under Rule, in the numbered fields, enter the desired number, then click the check mark to move the rule to a different position. Click X to cancel.
If you have more than 25 rules, the additional rules will be placed on the next page of the Firewall screen.
If you are not familiar with ordering rules, contact Armor Support to help you properly order your firewall rules. It is extremely important to order rules in order to receive desired traffic.
To learn how to send a support ticket, see Armor Support.
Refresh the Status a Firewall Rule
You can manually refresh the status of an individual firewall rule. This will allow you to see the status of the firewall rule transition from a Pending status.
In the Armor Management Portal (AMP), in the left-side navigation, click Security.
Click Firewall.
If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.
Locate and hover over the desired firewall rule.
Click the vertical ellipses.
Click Refresh Rule.
You can also manually refresh the status of all firewall rules at once.
In the Armor Management Portal (AMP), in the left-side navigation, click Security.
Click Firewall.
If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.
Click Actions, and then click Refresh Page.
Edit a Firewall Rule
Manage Firewall Rule Notes
In order to create, view or edit notes for your firewall rules, you must have the following permissions enabled:
Write Entity Meta Data
Read Entity Meta Data
Export Firewall Data
In the Armor Management Portal (AMP), in the left-side navigation, click Security.
Click Firewall.
If you have virtual machines in various data center, then click the corresponding data center.
Select Rules, IP Groups, or Service Groups to filter the data.
(Optional) Use the filter function to customize the data displayed.
In the bottom, right part of the screen, click CSV.
You have the option to export all the data (All) or only the data that appears on the current screen (Current Set).
Data type
Data displayed
Rules
Order, Name, Sources, Destinations, Services, Action, Enabled, Notes
IP Groups
Name, Ips, Ranges, Cidrs, Notes
Service Group
Name, Udp, Tcp, Icmp, Notes