Overview of managing firewalls for network containers
This topic provides background on how cloud administrators manage firewall rules for a network container that includes a firewall.
Types of firewalls managed by BMC Cloud Lifecycle Management
BMC Cloud Lifecycle Management supports the management of the following:
- Perimeter, or routed, firewalls — Perimeter firewalls are layer 3 firewalls, and protect traffic flowing between connected networks. Perimeter firewalls support many interfaces, each on a different subnet.
- Distributed firewalls (such as the Cisco Virtual Security Gateway appliance) — Distributed firewalls, also called transparent hypervisor firewalls or layer 2 firewalls, protect traffic flowing between virtual machines (VMs).
Cloud administrators can manage firewall rules (inbound and outbound access control lists, or ACLs) for both perimeter firewalls and distributed firewalls by:
- Adding or deleting firewall rules
- Dynamically enabling or disabling all perimeter firewalls for a network container, rather than having to create multiple containers to deal with the various firewall paths
- Editing a firewall rule to:
  - Enable or disable the firewall
  - Allow or deny traffic
  - Set up the same rule for a set of ports without creating a rule per port
  - Lock firewall rules and network paths. Locking prevents the deletion of rules that were created through network paths.
  - Hide firewall rules or network paths from the tenant admin and the cloud end user
  - Turn on logging for firewall rules and network paths
  - Update other settings
Cloud administrators can manage firewall rules from a network container by using the BMC Cloud Administrator Console, as described in Managing-perimeter-firewalls and Managing-distributed-firewalls.
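As an added illustration (not part of this page and not BMC Cloud Lifecycle Management's API), the following Python model implements the ACL semantics listed above: ordered first-match evaluation with an implicit final deny, disabled rules skipped, one rule covering a whole port range, locked rules that refuse deletion, hidden rules filtered out of the tenant view, and per-rule match logging. The class names, rule names and addresses are hypothetical and constructed for the demo.

```python
# Added example: a minimal model of the network-container ACL semantics described
# above. Hypothetical code, not BMC Cloud Lifecycle Management's API; all rule
# names and addresses are constructed for the demo.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Tuple


class LockedRuleError(Exception):
    """Raised when a rule created through a network path is deleted directly."""


@dataclass
class FirewallRule:
    name: str
    direction: str                        # "inbound" or "outbound"
    action: str                           # "allow" or "deny"
    protocol: str                         # "tcp", "udp" or "any"
    source: str                           # CIDR; "0.0.0.0/0" means any source
    destination: str                      # CIDR
    ports: Tuple[int, int] = (0, 65535)   # inclusive destination port range
    enabled: bool = True
    locked: bool = False                  # created by a network path: cannot be deleted
    hidden: bool = False                  # not displayed to tenant admins or end users
    log: bool = False                     # record every match of this rule

    def matches(self, direction: str, protocol: str, src: str, dst: str, port: int) -> bool:
        """A disabled rule never matches; otherwise every field must match the flow."""
        if not self.enabled or self.direction != direction:
            return False
        if self.protocol not in ("any", protocol):
            return False
        if ip_address(src) not in ip_network(self.source):
            return False
        if ip_address(dst) not in ip_network(self.destination):
            return False
        lo, hi = self.ports
        return lo <= port <= hi


@dataclass
class RuleSet:
    """Ordered ACL with first-match semantics and an implicit final deny."""
    rules: List[FirewallRule] = field(default_factory=list)
    audit_log: List[str] = field(default_factory=list)

    def add(self, rule: FirewallRule) -> None:
        if any(r.name == rule.name for r in self.rules):
            raise ValueError(f"duplicate rule name: {rule.name}")
        self.rules.append(rule)

    def delete(self, name: str) -> None:
        """Remove a rule by name; locked (network-path) rules refuse deletion."""
        rule = next((r for r in self.rules if r.name == name), None)
        if rule is None:
            raise KeyError(name)
        if rule.locked:
            raise LockedRuleError(f"{name} is locked (created by a network path)")
        self.rules.remove(rule)

    def visible_to_tenant(self) -> List[str]:
        """Rule names a tenant admin or cloud end user is allowed to see."""
        return [r.name for r in self.rules if not r.hidden]

    def evaluate(self, direction: str, protocol: str, src: str, dst: str, port: int) -> str:
        """Return 'allow' or 'deny' for one flow, logging matches on rules with log=True."""
        for rule in self.rules:
            if rule.matches(direction, protocol, src, dst, port):
                if rule.log:
                    self.audit_log.append(
                        f"{rule.name}: {rule.action} {direction} {protocol} {src}->{dst}:{port}")
                return rule.action
        return "deny"   # nothing matched: implicit default deny


def build_example_ruleset() -> RuleSet:
    """Constructed sample container ACL (subnet, names and ranges are made up)."""
    rs = RuleSet()
    web = "10.20.0.0/24"   # hypothetical container subnet
    rs.add(FirewallRule("allow-https", "inbound", "allow", "tcp", "0.0.0.0/0", web, (443, 443)))
    # One rule covers the whole 8000-8100 range instead of 101 per-port rules.
    rs.add(FirewallRule("allow-app-range", "inbound", "allow", "tcp", "0.0.0.0/0", web, (8000, 8100)))
    # Explicit deny with logging turned on, so blocked attempts show up in the audit trail.
    rs.add(FirewallRule("deny-ssh", "inbound", "deny", "tcp", "0.0.0.0/0", web, (22, 22), log=True))
    # Disabled: kept in the policy but skipped during evaluation.
    rs.add(FirewallRule("allow-dns-udp", "inbound", "allow", "udp", "0.0.0.0/0", web, (53, 53),
                        enabled=False))
    # Created through a network path: locked against deletion and hidden from tenants.
    rs.add(FirewallRule("path-mgmt", "outbound", "allow", "any", web, "10.99.0.0/16",
                        locked=True, hidden=True))
    return rs
```

Two details worth noticing when reading the model against the list above: a disabled rule is still part of the policy but is ignored during evaluation, so traffic it would have allowed falls through to later rules or the implicit deny; and a locked rule is protected from direct deletion precisely because it was created through a network path, so the path, not the rule, is the unit the administrator should remove.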
Example components of a perimeter firewall definition
The following illustration depicts the main components of a perimeter firewall definition.