Firewall Rules

Firewall rules, also called firewall policies, control whether communication is blocked or allowed based on rule criteria.

What are Firewall Rules

Firewall rules inspect packet information and enforce network security by allowing or blocking communication according to defined criteria.

Rule components include:

Component     Description
Direction     Whether traffic is incoming to or outgoing from the resource.
Policy Type   The source and destination zones for the rule.
Sources       Where the traffic comes from.
Destinations  Where the traffic goes.
Services      Protocols and ports used by the communication.
Description   Optional reference text for the rule.

Viewing Firewall Rules

For a VM

  1. Open Compute.
  2. Open Virtual Machines.
  3. Search by VM ID or VM IP.
  4. Open the VM.
  5. Open the Firewall Rules tab.

Across Environments

Open Networking > Firewall Rules to view and search firewall rules across environments.

Creating a Firewall Rule

Firewall rules can be added from the Firewall Rules tab on a VM page or load balancer page.

Direction

Direction specifies traffic direction on the VM or load balancer:

  • Incoming to the VM or load balancer.
  • Outgoing from the VM. Load balancers do not have an outgoing interface.

Add the rule on the destination as Incoming when the destination is in SITE Cloud.

Add the rule on the source as Outgoing when the destination is not in SITE Cloud or is not in the same environment, such as internet, MAN/on-premises, or another region environment.

Policy Type

Policy type describes the source and destination zones.

Zone            Meaning
INTERNET / NET  Public IP on the internet outside SITE Cloud. Internet access is conditional and applies only when the VM or load balancer is in SSA and has a public IP.
ON-PREM / MAN   Private IP in an on-premises MAN connection, or a VM/load balancer in a different environment.
HSA             High Security Assurance zone for restricted workloads.
SSA             Standard Security Assurance zone for workloads that can connect to and from the internet with appropriate controls.

Sources and Destinations

The source must match the source type selected in the policy type. Enter one or more valid IPs, subnets, or virtual machines.

The destination must match where traffic is going. Enter one or more valid IPs or subnets.

Services

Services use one or more ports and protocols for the required communication. Supported protocol types include TCP, UDP, and ICMP.

Description

Use a short optional description so future reviewers understand the rule purpose.

Tip

Descriptions are optional, but they make future audits and troubleshooting much easier.
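
The placement rules from the Direction and Policy Type sections above, worked through as an added Python example (not part of the portal or its documentation). The Endpoint model, the endpoint and environment names, and the zone shorthand are assumptions; the two placement sentences are applied independently, so a flow between two SITE Cloud environments yields a rule on each side.

```python
from dataclasses import dataclass
from typing import Optional

INTERNET, MAN = "INTERNET", "ON-PREM/MAN"   # zones outside the environment
PROTOCOLS = {"TCP", "UDP", "ICMP"}          # protocol types the page lists

@dataclass
class Endpoint:                        # hypothetical model, not a portal object
    name: str
    zone: str                          # "SSA", "HSA", INTERNET or MAN
    environment: Optional[str] = None  # None means not in SITE Cloud
    kind: str = "vm"                   # "vm" or "lb"
    public_ip: bool = False

def seen_zone(peer, local):
    """Zone of `peer` as seen from `local`: other environments count as MAN."""
    if peer.environment is not None and peer.environment != local.environment:
        return MAN
    return peer.zone

def plan_rules(src, dst, protocol):
    """Return [(resource, direction, (source zone, destination zone)), ...]."""
    if protocol.upper() not in PROTOCOLS:
        raise ValueError(f"unsupported protocol: {protocol}")
    for local, peer in ((src, dst), (dst, src)):
        # Internet traffic applies only to SSA resources with a public IP.
        if (local.environment is not None and peer.zone == INTERNET
                and not (local.zone == "SSA" and local.public_ip)):
            raise ValueError(f"{local.name}: internet needs SSA and a public IP")
    rules = []
    if dst.environment is not None:    # destination is in SITE Cloud
        rules.append((dst.name, "Incoming", (seen_zone(src, dst), dst.zone)))
    if src.environment is not None and dst.environment != src.environment:
        if src.kind == "lb":
            raise ValueError(f"{src.name}: load balancers have no outgoing interface")
        rules.append((src.name, "Outgoing", (src.zone, seen_zone(dst, src))))
    return rules

# Constructed sample endpoints (names and environments are made up).
web = Endpoint("web-01", "SSA", "env-a", public_ip=True)
db = Endpoint("db-01", "HSA", "env-a")
dr = Endpoint("db-dr", "HSA", "env-b")
internet = Endpoint("any-public", INTERNET)

if __name__ == "__main__":
    for s, d in ((web, db), (db, dr), (internet, web), (web, internet)):
        print(s.name, "->", d.name, plan_rules(s, d, "tcp"))
```

A flow the page does not permit, such as an HSA VM to the internet or an outgoing rule on a load balancer, raises ValueError instead of returning a placement.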

Editing a Firewall Rule

Click the edit icon on the far right of the firewall rule row.

Deleting a Firewall Rule

Click the delete icon on the far right of the firewall rule row.

Exporting Firewall Rules

  1. Sign in to Cloud Portal.
  2. Open Networking.
  3. Open Firewall Rules.
  4. Filter by business group, resource type, direction, or policy type as needed.
  5. Export the filtered firewall rule list.