Creating and editing firewall rules

This topic describes how to add, edit, and delete firewall rules by using the Manage Firewalls dialog box.

Before you begin

The network container must have at least one firewall.

To access the Manage Firewalls dialog box

You can access the Manage Firewalls dialog from the Resource Manager > Network > Network Containers workspace or from the accompanying Details pane for the selected container.

From the BMC Cloud Lifecycle Management Administration Console

  1. Click the vertical Workspaces menu on the left side of the window and select Resources.
  2. Under Quick Links on the left, click Network Containers under the Network section to display the network containers.
  3. Select a network container that has a firewall that you want to manage.
  4. Click the Manage Firewall Rules icon.
  5. Click the Firewalls or Distributed Firewalls tab.

From the Details pane

  1. Select the network container with the firewall entry or entries.
  2. Expand the Details pane.
  3. Under the Firewalls or Distributed Firewalls label, select the firewall.
  4. Click one of the following:
    • The Manage Firewall Rules icon (for perimeter firewalls)
    • The Manage Distributed Firewall Rules icon (for distributed firewalls)
    The Manage Firewall Rules dialog box is displayed.

You can now add, edit, or delete a firewall rule, as described in the following sections.

To add a firewall rule

You add a rule for a perimeter firewall from the Firewalls tab, and a rule for a distributed firewall from the Distributed Firewalls tab, as described in the following sections.

Adding a rule for a perimeter firewall

  1. To create a new rule, click the Add Firewall Rule icon. The Add Firewall Rule dialog box is displayed.

    Tip

    For information about how BMC Network Automation evaluates firewall rules, see Sorting rules for firewalls.

  2. Select or enter values for the following options:
    • Status - Indicates the status of the firewall rule. Selecting the checkbox enables the firewall rule; clearing the checkbox disables it.
    • Allow Traffic - Select the checkbox to permit traffic.
    • Description - Enter a description for the rule.
    • Log - Click this field to enable logging.
    • Locked - Click this field to lock the firewall rule, which prevents end users and tenant administrators from deleting rules and network paths created by the Cloud Administrators.

      Note

      This field is available only for Cloud Administrators.
    • Hidden - Click this field to hide the rules and network paths from end users and tenant administrators.

      Note

      This field is available only for Cloud Administrators.
    • Transport Protocol - Choose the required protocol (for example, TCP or UDP).
    • Application Protocol - Select an application protocol, or enter a single port number or a port range (for example, 4000-4005) in the Port Range field.
    • Source - Select one of the following for the source address:
      • Host Address - Enter the host address.
      • Network Address and Network Mask - Enter the network address and mask. If the network is attached to an interface (inside or outside), do not specify the host address or network address/mask as a source or a destination in a firewall rule for the outbound or inbound access control list (ACL).
    • Destination - Select one of the following for the destination address:
      • Host Address - Enter the host address.
      • Network Address and Network Mask - Enter the network address and mask.
        When configuring a virtual machine that uses Network Address Translation (NAT), you should apply the same firewall rule to the inbound ACL of the outside interface as you would to the outbound ACL of the inside interface. The destination must be the NAT address.

        Note

        For Amazon Web Services, the Destination endpoint field is a fixed interface.

  3. Click Save. The Add Firewall Rule dialog box closes, and the Manage Firewalls dialog box remains open. You can add or change more firewall rules from the Manage Firewalls dialog box.
  4. Click Save on the Manage Firewalls dialog box to save all of your firewall rule changes. A confirmation dialog box asks: All changes made to the firewall rules will be saved. Do you want to continue?
  5. Click Yes to save your changes or click No to return to the Firewall Rules dialog box.

Adding a rule for a distributed firewall

To create a new rule for a distributed firewall, select the Distributed Firewalls tab.

  1. Click the Add Firewall Rule icon. The Add Firewall Rule dialog box is displayed.

    Tip

    For information about how BMC Network Automation evaluates firewall rules, see Sorting rules for firewalls.

  2. Select or enter values for the following options:
    • Status - Indicates the status of the firewall rule. Selecting the checkbox enables the firewall rule; clearing the checkbox disables it.
    • Allow Traffic - Select the checkbox to permit traffic.
    • Description - Enter a description for the rule.
    • Log - Click this field to enable logging.
    • Locked - Click this field to lock the firewall rule, which prevents end users and tenant administrators from deleting rules and network paths created by the Cloud Administrators.

      Note

      This field is available only for Cloud Administrators.
    • Hidden - Click this field to hide the rules and network paths from end users and tenant administrators.

      Note

      This field is available only for Cloud Administrators.
    • Transport Protocol - Choose the required protocol (for example, TCP or UDP).
    • Application Protocol - Select an application protocol, or enter a single port number or a port range (for example, 4000-4005) in the Port Range field.
    • Source - Select one of the following for the source address:
      • Host Address - Enter the host address.
      • Network Address and Network Mask - Enter the network address and mask. If the network is attached to an interface (inside or outside), do not specify the host address or network address/mask as a source or a destination in a firewall rule for the outbound or inbound access control list (ACL).
    • Destination - Select one of the following for the destination address:
      • Host Address - Enter the host address.
      • Network Address and Network Mask - Enter the network address and mask.
        When configuring a virtual machine that uses Network Address Translation (NAT), you should apply the same firewall rule to the inbound ACL of the outside interface as you would to the outbound ACL of the inside interface. The destination must be the NAT address.

        Note

        For Amazon Web Services, the Destination endpoint field is a fixed interface.

  3. Click Save. The Add Firewall Rule dialog box closes, and the Manage Firewalls dialog box remains open. You can add or change more firewall rules from the Manage Firewalls dialog box.
  4. Click Save on the Manage Firewalls dialog box to save all of your firewall rule changes. A confirmation dialog box asks: All changes made to the firewall rules will be saved. Do you want to continue?
  5. Click Yes to save your changes or click No to return to the Firewall Rules dialog box.
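The option lists for perimeter and distributed firewall rules above share two caveats that are easy to get wrong in the dialog: a network attached to an inside or outside interface must not appear as a rule's source or destination, and a NAT-ed virtual machine needs the same rule on the outside interface's inbound ACL with the NAT address as destination. The following is an added example, not BMC's own code or API: it models the rule fields as the dialog presents them (field names, the `acl` label and the sample addresses are assumptions) and checks those two caveats plus the Port Range syntax.

```python
import re
from dataclasses import dataclass, replace
from ipaddress import ip_network

def parse_port_range(text):
    """Accept a single port ('443') or a range ('4000-4005'); return (low, high)."""
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", text.strip())
    if not m:
        raise ValueError(f"bad port range: {text!r}")
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port range inverted or out of bounds: {text!r}")
    return low, high

@dataclass(frozen=True)
class Endpoint:
    address: str    # Host Address, or Network Address when mask is set
    mask: str = ""  # Network Mask, e.g. "255.255.255.0"; empty for a host

    def network(self):
        # A host address becomes a /32 so both endpoint kinds compare alike.
        cidr = f"{self.address}/{self.mask}" if self.mask else self.address
        return ip_network(cidr, strict=False)

@dataclass(frozen=True)
class FirewallRule:
    transport: str   # Transport Protocol, e.g. "TCP"
    ports: str       # Port Range field, e.g. "4000-4005"
    source: Endpoint
    destination: Endpoint
    acl: str = "inside-outbound"  # assumed label: interface + direction
    allow: bool = True            # Allow Traffic checkbox

def check_rule(rule, attached_networks):
    """Return problems found. attached_networks maps an interface ('inside',
    'outside') to its attached network, which must not be a source/destination."""
    problems = []
    try:
        parse_port_range(rule.ports)
    except ValueError as err:
        problems.append(str(err))
    for role, ep in (("source", rule.source), ("destination", rule.destination)):
        for iface, net in attached_networks.items():
            if ep.network() == ip_network(net):
                problems.append(f"{role} {ep.network()} is the {iface} interface network")
    return problems

def nat_mirror(rule, nat_address):
    """NAT note: same rule on the outside interface's inbound ACL, NAT address as destination."""
    return replace(rule, acl="outside-inbound", destination=Endpoint(nat_address))
```

Run `check_rule` over each rule before clicking Save on the Manage Firewalls dialog box; an empty list means the rule respects both caveats.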

To edit a firewall rule

  1. On the Manage Firewall Rules panel, select the firewall to edit from the drop-down list.
  2. Select a rule.
  3. Click the Edit a Firewall icon to display the Edit Firewall Rule dialog box.
  4. Make your updates and click Save.

To delete a firewall rule

  1. On the Manage Firewall Rules panel, select the firewall that contains the rule from the drop-down list.
  2. Select a rule.
  3. Click the Delete a Firewall icon. A confirmation prompt is displayed.
  4. Respond to the prompt to complete the deletion.

Related topics

Overview of managing firewalls for network containers
Managing perimeter firewalls
Managing distributed firewalls