Creating and editing firewall rules

This topic describes how to add, edit, and delete firewall rules by using the Manage Firewalls dialog box. The topic contains the following sections:

Before you begin

The network container must have at least one firewall.

To access the Manage Firewalls dialog box

You can access the Manage Firewalls dialog from the Resource Manager > Network > Network Containers workspace or from the accompanying Details pane for the selected container.

From the BMC Cloud Lifecycle Management Administration Console

1. Click the vertical Workspaces menu on the left side of the window and select Resources.
2. Under Quick Links on the left, click Network Containers under the Network section to display the network containers.
3. Select a network container that has a firewall that you want to manage.
4. Click the Manage Firewall Rules icon .
5. Click the Firewalls or Distributed Firewalls tab.

From the Details pane

1. Select the network container with the firewall entry or entries.
2. Expand the Details pane.
3. Under the Firewalls or Distributed Firewalls label, select the firewall.
4. Click one of the following:
   • The Manage Firewall Rules icon (for perimeter firewalls)
   • The Manage Distributed Firewall Rules icon for distributed firewalls.
     The Manage Firewall rules dialog is displayed.
     

You can now add, edit, or delete a firewall rule, as described in the following sections.

To add a firewall rule

You add a firewall rule for a perimeter firewall from the Firewall tab, while you add rules for distributed firewalls from the Distributed Firewall tab.

Adding a rule for a perimeter firewall

1. To create a new rule, click the Add Firewall Rule icon.
   The Create Firewall Rule dialog box is displayed.
   
   
   

   Note

   For information about how BMC Network Automation evaluates firewall rules, see Sorting rules for firewalls.

2. Select or enter values for the following options:
   • Status — Choose enabled or disabled.
   • Allow Traffic — Choose deny or permit.
   • Transport Protocol — Choose the required protocol, for example, TCP, UDP, etc.
   • Application Protocol — Select an application protocol or enter a Port number.

     Note

     Upgrading to version 3.1.01 Patch 2 provides you with the capability to specify a port range for the firewall rule. For more information, see Patch 2 for Service Pack 1

   • Description — Enter a description for the rule.
   • Source — Select one of the following for the source address:
     • Host Address — Enter the host address.
     • Network Address and Network Mask — Enter the network address and mask.

       Tip

       If the network is attached to an interface (inside or outside), do not specify the host address or network address/mask as a source in a firewall rule for the outbound access control list (ACL).

   • Destination — Select one of the following for the following for the destination address:
     • Host Address — Enter the host address.
     • Network Address and Network Mask — Enter the network address and mask.

       Tip

       If the network is attached to an interface (inside or outside), do not specify the host address or network address/mask as a destination in a firewall rule for the inbound ACL.

       
       When configuring a virtual machine that uses Network Address Translation (NAT), you should apply the same firewall rule to the inbound ACL of the outside interface as you would to the outbound ACL of the inside interface. The destination must be the NAT address.
3. Click Save.
   The Firewall Rules dialog box closes, and the Manage Firewalls dialog box remains open. You can add or change more firewall rules from the Manage Firewalls dialog box.
4. Click Save on the Manage Firewalls dialog box to save all of your firewall rule changes.
   A confirmation dialog box asks for confirmation:
   All changes made to the firewall rules will be saved. Do you want to continue?
5. Click Yes to save your changes or click No to return to the Firewall Rules dialog box.

Adding a rule for a distributed firewall

1. To create a new rule for a distributed firewall, select the Distributed Firewalls tab.
2. Click the Add Firewall Rule icon.
   The Create Distributed Firewall Rule dialog box is displayed.
   
   
   

   Note

   For information about how BMC Network Automation evaluates firewall rules, see Sorting rules for firewalls.

3. Select or enter values for the following options:
   • Status — Choose enabled or disabled.
   • Allow Traffic — Choose deny or permit.
   • Description — Enter a description for the rule.
   • Source — Select one of the following for the source address:
     • Host Address — Enter the host address.
     • Network Address and Network Mask — Enter the network address and mask.
   • Destination — Select one of the following for the following for the destination address:
     • Host Address — Enter the host address.
     • Network Address and Network Mask — Enter the network address and mask.
4. Click Save.
   The Firewall Rules dialog box closes, and the Manage Firewalls dialog box remains open. You can add or change more firewall rules from the Manage Firewalls dialog box.
5. Click Save on the Manage Firewalls dialog box to save all of your firewall rule changes.
   A confirmation dialog box appears stating, All changes made to the firewall rules will be saved. Do you want to continue?
6. Click Yes to save your changes or click No to return to the Firewall Rules dialog box.

To edit a firewall rule

1. Select the firewall to edit from the drop-down list.
   
2. Select a rule.
3. Click the Edit a Firewall icon to display the Edit Firewall Rule dialog box.
4. Make your updates and save them.

To delete a firewall rule

1. Select the firewall to edit from the drop-down list.
   
2. Select a rule.
3. Click the Delete a Firewall icon to display the prompt.
4. Complete the actions.

Related topics

Overview of managing firewalls for network containers
Managing perimeter firewalls
Managing distributed firewalls
Sorting rules for firewalls