Description

This article describes how to clone a Firewall Rule on a Network Domain in a MCP 2.0 Data Center location.

Prerequisites:

  1. Only the Primary Administrator or a Sub-Admin with the Network role can manage Firewall Rules.
  2. This article applies only to MCP 2.0 Data Center locations. For details on MCP 1.0 equivalent instructions, see How to Manage ACL Rules on a Cloud Network
  3. This article assumes you understand the behavior of Firewall Rules in a MCP 2.0 Data Center location. For details on this behavior, see Introduction to Firewall Rules for Cloud Network Domains in MCP 2.0

Content / Solution:

  1. From the Home page, select the Data Center where Network (MCP 1.0) or Network Domain (MCP 2.0) on which the Firewall Rule you want to Clone is located:


  2. The Data Center dashboard will be displayed. Select the Network (MCP 1.0) or Network Domain (MCP 2.0) where the Firewall Rule you want to Clone is located:


  3. The Network (MCP 1.0) or Network Domain (MCP 2.0) dashboard will be displayed. Click on the Firewall Rules tab:

     

  4. Locate the Firewall Rule you want to clone. click on the Manage gear next to the rule, and select Clone Rule from the dropdown menu:


  5. The system will display a the Add Firewall Rule dialog with the Rule's information already populated in to the fields:

    Note: The Firewall Rule Name must be updated to make it unique.
     

  6. Make the desired changes, then click Create:

    • Firewall Rule Name - Descriptive name for the Firewall Rule. Name has a maximum length of 60 characters.
      • Note: The Name must be alphanumeric with the following exceptions permitted: '_' (underscore) and '.' (period/full stop). Must begin with a letter or '_' (underscore). Cannot contain spaces. Rule name cannot start with 'CCDEFAULT.' and must be unique within the Network Domain.
    • Action - Choose what action the Firewall Rule should take (either Accept Decisively or Drop). Note the Drop action is a "silent" drop - the system will not reject packets or send a TCP reset
    • State - Set the State of the Firewall Rule (either enabled  or disabled)
    • IP Version - Choose between IPv4 or IPv6. 
      • Note: It is NOT possible to select Any for both the Source and Destination if the selected IP Version is IPv6. It is acceptable for either Source or Destination to be Any with an IP Version of IPv6.
    • Protocol - Choose the protocol associated with the Firewall rule. You can create rules associated with IP, ICMP, TCP, or UDP protocols. 
    • Source Details - Choose the source IP addresses covered by the rule. Choose from Any, Host, Subnet or Address List.
      • Note: The system will provide suggestions based on Name or IP Address
      • Note: If the Protocol is IP or ICMP you can not set the Port. 
    • Source Port - Choose the port, range of ports (including any/all), or Port List to be associated with the rule if the protocol is TCP, UDP.  All IP and ICMP protocol rules apply to 'Any' ports only.
    • Destination Details - Choose the destination IP addresses covered by the rule, with the same options as Source IP addresses. 
      • Note: The system will provide suggestions based on Name or IP Address.
      • Note: If the Protocol is IP or ICMP you can not choose the Port.
    • Destination Port - Choose the port, range of ports (including any/all), or Port List to be associated with the rule if the protocol is TCP, UDP.  All IP and ICMP protocol rules apply to 'Any' ports only.
    • Placement - Choose the position of the Firewall rule within the rule list. Firewall rules are followed sequentially - if there is a contradiction in the rules (i.e. if one rule says permit a certain type of traffic while another rule would deny that traffic), the rule with the lower number takes priority.
       
  7. The system will display a success message:


  8. The system will add the cloned Firewall Rule in the chosen position:

    Note: The default placement will be the next sequential position after the Rule from which it was cloned, but you can choose a different placement.