Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Managing perimeter firewalls


BMC Cloud Lifecycle Management supports the management of perimeter, or routed, firewalls from the Manage Firewall Rules dialog box. Perimeter firewalls are layer 3 firewalls that protect traffic entering and leaving a network. A perimeter firewall has one or more external (unprotected) interfaces and one or more internal (protected) interfaces, and secures what is referred to as north/south traffic. Perimeter firewalls support many interfaces, each on a different subnet.

Note

When you are adding, editing, or deleting firewall rules, the network container is locked.

This topic describes how cloud administrators can manage perimeter firewalls for a network container that has a firewall.

Before you begin

The network container must have at least one firewall.

To manage a perimeter firewall from a network container

Note

Perimeter firewalls cannot be enabled or disabled (toggled) when creating or editing a network container.

You can open the Manage Firewall Rules dialog box from the Resource Manager > Network > Network Containers workspace or from the accompanying Details pane for the selected container.

  1. To open the dialog box from the workspace, perform the following steps in the BMC Cloud Lifecycle Management Administration Console:
    1. Click the vertical Workspaces menu on the left side of the window and select Resources.
    2. Under Quick Links on the left, click Network Containers under the Network section to display the network containers.
    3. Select a network container that has a firewall that you want to manage.
    4. Click the Manage Firewall Rules icon.
  2. To open the dialog box from the Details pane, perform the following steps:
    1. Select the network container with the firewall entry or entries.
    2. Expand the Details pane.
    3. Under the Firewalls label, select the firewall from the Firewalls table.
    4. Click the Manage Firewall Rules icon.
      The Manage Firewall Rules dialog box is displayed.
      [Figure: the Manage Firewall Rules dialog box]
  3. Review the following field descriptions:

    The top section includes the following fields:

    Firewall: Select the firewall to manage from the drop-down list if the firewall is not already displayed.

    Interface: The inside or outside interface of the network firewall. The inside interface faces the internal network; the outside interface faces the external network. The inside interface uses its inbound access control list (ACL) to filter traffic coming into the firewall and its outbound ACL to check traffic leaving the firewall. The outside interface uses its inbound ACL to check traffic arriving at the firewall and its outbound ACL to filter traffic leaving the router. Select an interface to display its rules.

    Mode: Read or edit. To change the corresponding rules, switch to edit mode. You must choose a network interface (inside or outside) before you can update a rule in edit mode.

    Network Container: Name of the selected network container.

    Network/Zone: The name of the network and zone (logical group of VMs or hosts) that the firewall is securing.

    The bottom section has tables for the Inbound and Outbound access control lists (ACLs), which list the filtering rules for traffic arriving at the network container from the cloud (inbound) or leaving the network container for the cloud (outbound). Each rule has the following fields:

    Status: Status of the rule. The options are enabled or disabled.

    Allow Traffic: Indicates whether traffic matching the rule is permitted or denied.

    Log: Indicates whether logging is enabled for the rule.

    Locked: Indicates whether the rule has been locked for editing. A locked rule can be edited only by a cloud administrator.

    Hidden: Indicates whether the cloud administrator has designated the rule as hidden. A hidden rule can be viewed only by a cloud administrator, and is not displayed in views used by tenant administrators or end users.

    Description: An optional description of the rule.

    Source: The value depends on which interface is selected and on whether the rule is inbound or outbound. The options are a host address or a network address/mask.

    Destination: The value depends on which interface is selected and on whether the rule is inbound or outbound. The options are a host address or a network address/mask.

    Application Protocol/Port Range: The application-layer protocol that handles the network service, or the port range.

    Transport Protocol: The transport-layer protocol that transmits the data packets.

    Creation Source: Identifies the origin of the rule. A firewall rule can be created by a service offering instance, through ad hoc rule management, or generated automatically by BMC Network Automation (under certain conditions).
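As an added illustration, not product code from BMC Cloud Lifecycle Management, the following Python models how the ACL fields described above (Status, Allow Traffic, Log, Source, Destination, Transport Protocol, Port Range) combine when a packet arrives on the outside interface. First-match evaluation, the deny-by-default fallback, and the sample rules are assumptions made for this example; the page does not state how the product orders or evaluates its rules.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    """One row of an Inbound or Outbound ACL table, reduced to the filtering fields."""
    enabled: bool        # Status column: disabled rules stay in the table but are not enforced
    allow: bool          # Allow Traffic column: True = permit, False = deny
    log: bool            # Log column
    source: str          # host address, network address/mask, or "any"
    destination: str     # host address, network address/mask, or "any"
    transport: str       # Transport Protocol, e.g. "tcp", "udp", or "any"
    ports: tuple         # Port Range as (low, high), inclusive
    description: str = ""


def _matches_addr(spec: str, addr: str) -> bool:
    # "any" matches everything; a bare host address is treated as a /32 network
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(acl, src, dst, transport, port, default_allow=False):
    """Return (allowed, matched_rule) for the first enabled rule that matches.
    First-match order and deny-by-default are assumptions for this example."""
    for rule in acl:
        if not rule.enabled:
            continue
        if rule.transport not in ("any", transport):
            continue
        if not (rule.ports[0] <= port <= rule.ports[1]):
            continue
        if not (_matches_addr(rule.source, src) and _matches_addr(rule.destination, dst)):
            continue
        if rule.log:  # the Log column only affects visibility, never the verdict
            action = "permit" if rule.allow else "deny"
            print(f"LOG {action} {transport} {src}->{dst}:{port} ({rule.description})")
        return rule.allow, rule
    return default_allow, None  # no rule matched: fall back to the assumed default


# Constructed sample Inbound ACL for the outside interface (not taken from the page)
OUTSIDE_INBOUND = [
    Rule(True, True, True, "any", "203.0.113.10/32", "tcp", (443, 443), "public HTTPS to web tier"),
    Rule(False, True, False, "any", "203.0.113.10/32", "tcp", (22, 22), "SSH, disabled after hardening"),
    Rule(True, False, True, "any", "203.0.113.0/24", "any", (0, 65535), "explicit deny, logged"),
]
```

Note that the disabled SSH rule is skipped entirely, so port 22 falls through to the logged explicit deny rather than being permitted.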

Where to go from here

You can now create a new rule or edit an existing rule.

Related topics

Overview-of-managing-firewalls-for-network-containers
Managing-dynamic-components-for-network-containers
Managing-distributed-firewalls
Creating-network-containers

