Managing distributed firewalls
BMC Cloud Lifecycle Management supports the management of distributed firewalls (such as the Cisco Virtual Security Gateway (VSG) appliance) from the Manage Firewall Rules dialog box. Distributed firewalls, also called transparent hypervisor firewalls or layer 2 firewalls, protect traffic within the same network. Rules for this type of firewall are distributed across the switch ports, securing what is referred to as east/west traffic.
Note: When you are adding, editing, or deleting firewall rules, the network container is locked.
For information about configuring distributed firewalls in BMC Network Automation, see Configuring Cisco VSG firewalls.
To manage a distributed firewall from a network container
You can access the Manage Firewall Rules dialog from the Resource Manager > Network > Network Containers workspace or from the accompanying Details pane for the selected container.
1. From the BMC Cloud Lifecycle Management Administration Console, perform the following steps:
   - Click the vertical Workspaces menu on the left side of the window and select Resources.
   - Under Quick Links on the left, click Network Containers under the Network section to display the network containers.
   - Select a network container that has a distributed firewall that you want to manage.
   - Click the Manage Firewall Rules icon.
2. From the Details pane, perform the following steps:
   - Select the network container with the distributed firewall entry or entries.
   - Expand the Details pane.
   - Under the Distributed Firewalls label, select the firewall from the table.
   - Click the Manage Distributed Firewall Rules icon.
   The Manage Firewall Rules dialog is displayed.
3. Click the Distributed Firewalls tab.
4. Review the following field descriptions:

| Field | Description |
|---|---|
| Distributed Firewall | Select the distributed firewall to manage from the drop-down list, if the firewall is not already displayed. |
| Mode | Read or edit. To make changes to the corresponding rules, switch to edit mode. You must choose a network interface before you can update a rule in edit mode. |
| Interface | The interface of the firewall. The interface uses the access control list (ACL) to filter traffic flowing between virtual machines (VMs). |
| Network Container | Name of the selected network container. |
| Network/Zone | The name of the network and zone (logical group of VMs or hosts) that the distributed firewall is securing. |
| Switch | The switch to which the distributed firewall is connected. |
| Enforceability | Click this field to enable the firewall rule. |
| Allow Traffic | Choose deny or permit. |
| Description | Enter a description for the rule. |
| Log | Click this field to enable logging. |
| Locked | Click this field to lock the firewall rule, which prevents end users and tenant administrators from deleting or editing the rule. |
| Hidden | Click this field to hide the rule from end users and tenant administrators. |
| Source | Select one of the following for the source address: Host Address (enter the host address), or Network Address and Network Mask (enter the network address and mask). |
| Destination | Select one of the following for the destination address: Host Address (enter the host address), or Network Address and Network Mask (enter the network address and mask). |

5. After you have completed the updates, click Save to save any changes you have made to the distributed firewall rules.
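The following is an added illustration of how the rule fields in the table above (Enforceability, Allow Traffic, Log, Locked, Hidden, Source and Destination as a host address or a network address with mask) combine when an east/west flow between two VMs is filtered. It is not BMC Cloud Lifecycle Management or Cisco VSG code. It assumes, because the page does not state it, that rules are evaluated top-down with the first enforced match winning, that a flow matching no rule is denied, and that a role named `cloud_admin` is the privileged role that can see hidden rules and remove locked ones; the interface name, role names, addresses and rule descriptions are constructed.

```python
"""Toy model of the distributed-firewall rule table described above.

Added illustration, not BMC Cloud Lifecycle Management or Cisco VSG code.
Assumptions not stated on the page: rules are evaluated top-down and the first
enforced match wins, traffic that matches no rule is denied, and a role named
"cloud_admin" is the privileged role that may see hidden rules and edit locked ones.
"""
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass
class FirewallRule:
    """One row of the Distributed Firewalls tab (field names follow the page)."""
    description: str
    source: str            # host address ("10.1.20.5") or network/mask ("10.1.10.0/24")
    destination: str       # same forms as source
    allow: str = "deny"    # Allow Traffic: "permit" or "deny"
    enforceable: bool = True   # Enforceability: rule is enabled
    log: bool = False          # Log: record hits
    locked: bool = False       # Locked: end users / tenant admins cannot edit or delete
    hidden: bool = False       # Hidden: not shown to end users / tenant admins

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        """A bare host address is treated as a /32 (or /128) network."""
        src_net = ipaddress.ip_network(self.source, strict=False)
        dst_net = ipaddress.ip_network(self.destination, strict=False)
        return (ipaddress.ip_address(src_ip) in src_net
                and ipaddress.ip_address(dst_ip) in dst_net)


class DistributedFirewall:
    """ACL attached to one firewall interface, filtering VM-to-VM (east/west) traffic."""

    def __init__(self, interface: str, rules: List[FirewallRule]):
        self.interface = interface
        self.rules = rules
        self.audit_log: List[str] = []

    def evaluate(self, src_ip: str, dst_ip: str) -> str:
        """Return "permit" or "deny" for a flow; disabled rules are skipped (assumed first match wins)."""
        for rule in self.rules:
            if not rule.enforceable or not rule.matches(src_ip, dst_ip):
                continue
            if rule.log:
                self.audit_log.append(
                    f"{self.interface} {rule.allow} {src_ip}->{dst_ip} ({rule.description})")
            return rule.allow
        return "deny"  # assumed default when nothing matches

    def visible_rules(self, role: str) -> List[FirewallRule]:
        """Hidden rules are only listed for the assumed privileged role."""
        if role == "cloud_admin":
            return list(self.rules)
        return [r for r in self.rules if not r.hidden]

    def delete_rule(self, description: str, role: str) -> bool:
        """Delete by description; a locked rule rejects everyone but the privileged role."""
        for i, rule in enumerate(self.rules):
            if rule.description == description:
                if rule.locked and role != "cloud_admin":
                    return False
                del self.rules[i]
                return True
        return False


def build_example() -> DistributedFirewall:
    """Constructed sample rule set for one zone; addresses and names are made up."""
    return DistributedFirewall("vsg-data0", [
        FirewallRule("web tier to the DB host", "10.1.10.0/24", "10.1.20.5",
                     allow="permit", log=True, locked=True),
        FirewallRule("web tier to rest of DB zone", "10.1.10.0/24", "10.1.20.0/24",
                     allow="deny", log=True),
        FirewallRule("draft: web tier to batch zone", "10.1.10.0/24", "10.1.30.0/24",
                     allow="permit", enforceable=False, hidden=True),
    ])


if __name__ == "__main__":
    fw = build_example()
    flows = [("10.1.10.7", "10.1.20.5"), ("10.1.10.7", "10.1.20.9"), ("10.1.10.7", "10.1.30.1")]
    for src, dst in flows:
        print(src, "->", dst, fw.evaluate(src, dst))
    print("\n".join(fw.audit_log))
```

Run as a script it evaluates three constructed flows: the first hits the locked permit rule for the single DB host, the second falls through to the zone-wide deny, and the third matches only a rule whose Enforceability is off, so it is denied by the assumed default and nothing is logged. A tenant administrator listing the rules does not see the hidden draft rule and cannot delete the locked one, which is the behaviour the Locked and Hidden fields describe.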
Where to go from here
You can now create a new rule or edit an existing rule.