Description

This article describes how to view and manage Firewall Rules on a Network Domain in an MCP 2.0 Data Center location, including near real-time usage statistics and overlaps or redundancies that may exist in your policy structure.

The Firewall policy allows you to control traffic within the Network Domain (i.e. between VLANs) as well as inbound and outbound traffic. The firewall manages both IPv4 and IPv6 traffic. This article includes:


For information on how to Clone a Firewall Rule, see How to Clone a Firewall Rule

If you're looking for instructions on how to create a Firewall Rule, see How to Create a Firewall Rule on a Network Domain

Prerequisites:

  1. Only the Primary Administrator or a Sub-Admin with the Network role can manage Firewall Rules.
  2. This article applies only to MCP 2.0 Data Center locations. For details on MCP 1.0 equivalent instructions, see How to Manage ACL Rules on a Cloud Network
  3. This article assumes you understand the behavior of Firewall Rules in an MCP 2.0 Data Center location. For details on this behavior, see Introduction to Firewall Rules for Cloud Network Domains in MCP 2.0

Content / Solution:

  1. From the Home page select the Data Center where the Network Domain on which the Firewall Rule(s) you want to manage are located:


  2. The Data Center dashboard will be displayed. Select the Network Domain on which the Firewall Rule(s) you want to manage are located:


  3. The Network Domain dashboard will be displayed:


  4. Click on the Firewall Rules tab:

Enable or Disable a Firewall Rule

  1. Click on the Manage gear next to the Firewall Rule whose state you want to manage. Select either Enable Rule or Disable Rule from the drop-down menu:


  2. The system will display a confirmation dialog asking you to confirm the action. Click Confirm:


  3. The system will display a success message:


  4. The system will edit the Firewall Rule and the UI will be updated to reflect the change:

    Note: When a rule is enabled, the rule is identified by a green icon and normal text.
    Note: When a rule is disabled, the rule is identified by a greyed out icon and strikethrough text.

Edit a Firewall Rule

  1. Locate the Firewall Rule you want to edit. Click on the Manage gear next to the Firewall Rule and select Edit Firewall Rules from the drop-down menu:


  2. The Edit Firewall Rules dialog will be displayed:
     

  3. Edit the Firewall Rule information. Once you have made the desired changes, click Save:


  4. The system will display a success message:


  5. The system will edit the Firewall Rule and the UI will be updated to reflect the change:

Delete a Firewall Rule

  1. Locate the Firewall Rule you want to delete. Click on the manage gear next to the Firewall Rule and select Delete Firewall Rule from the drop-down menu:


  2. The system will display the Delete Firewall Rule dialog. Click Delete:


  3. The system will display a success message:


  4. The system will remove the Firewall Rule and the UI will be updated to reflect the change:

Download Firewall Rules as a CSV File

  1. Click on the Actions button at the top of the Firewall Rules tab, then select Download Firewall Policy as CSV from the drop-down menu:


  2. The Firewall Policy will be downloaded to your computer as a CSV formatted file:

    Note: The CSV file's title will include: "Firewall Policy", the Data Center ID, and the name of the Network Domain; similar to: "Firewall Policy - NA12, Network Domain 1".
    Note: The easiest way to open this file is with a spreadsheet manager, like Microsoft Excel.
    Note: Some of the columns may be truncated.

Download IP Address List as a CSV file

  1. Click on the Actions button at the top of the Firewall Rules tab, then select Download IP Address List as CSV from the drop-down menu:


  2. The IP Address list will be downloaded to your computer as a CSV formatted file:

    Note: The CSV file's title will include: "IP Address List", the Data Center ID, and the name of the Network Domain; similar to: "IP Address List - NA12, Network Domain 1".
    Note: The easiest way to open this file is with a spreadsheet manager, like Microsoft Excel.
    Note: Some of the columns may be truncated.

Download Port List as a CSV File

  1. Click on the Actions button at the top of the Firewall Rules tab, then select Download Port List as CSV from the drop-down menu:


  2. The Port list will be downloaded to your computer as a CSV formatted file:

    Note: The CSV file's title will include: "Port List", the Data Center ID, and the name of the Network Domain; similar to: "Port List - NA12, Network Domain 1".
    Note: The easiest way to open this file is with a spreadsheet manager, like Microsoft Excel.
    Note: Some of the columns may be truncated.

View Firewall Rule Statistics (Overlap State and Hit Counter)

  1. Click on the Statistics tab at the top of the Firewall Rules section. The Firewall Rule statistics will be shown:


  2. The Statistics tab shows near real-time information about the Firewall Rules, including:

    • Overlap State - Indicates if a Firewall Rule overlaps another rule. The overlap can be one of two types:
      • Redundant - Means that a Firewall Rule further up in the hierarchy is already processing traffic that would hit this rule in the same manner, and the redundant rule might no longer be needed. 
      • Conflicting - Means that the rule is attempting to process the same traffic as another rule higher up in the hierarchy, but in a different way, and likewise might no longer be needed.
    • Counter - Indicates how many times a firewall rule has been 'hit'
    • Timestamp - Indicates the date and time of the most recent 'hit' on the firewall rule

Note: For more information on Firewall Rule Statistics, see Introduction to Firewall Rules for Cloud Network Domains in MCP 2.0
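
The Redundant and Conflicting states described above can be reproduced offline to sanity-check a policy before editing or deleting rules. The following is an added example, not the platform's own code or algorithm: it assumes top-down evaluation and flags a rule only when a higher rule fully covers it, and the `Rule` fields, the `ACCEPT`/`DROP` values and the sample policy are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str                 # "ACCEPT" or "DROP" (assumed labels)
    protocol: str               # "TCP", "UDP" or "IP" (any protocol)
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    ports: tuple = (1, 65535)   # inclusive destination port range

def covers(upper, lower):
    """True if every packet matching `lower` also matches `upper`."""
    if upper.protocol not in ("IP", lower.protocol):
        return False
    for a, b in ((upper.src, lower.src), (upper.dst, lower.dst)):
        big, small = ipaddress.ip_network(a), ipaddress.ip_network(b)
        if big.version != small.version or not small.subnet_of(big):
            return False        # IPv4 and IPv6 rules never cover each other
    if upper.protocol == "IP":
        return True             # an any-protocol rule ignores ports
    return upper.ports[0] <= lower.ports[0] and lower.ports[1] <= upper.ports[1]

def overlap_states(policy):
    """Map rule name -> (state, covering rule) for a policy listed top-down."""
    result = {}
    for i, rule in enumerate(policy):
        state = ("NONE", None)
        for upper in policy[:i]:
            if covers(upper, rule):
                kind = "REDUNDANT" if upper.action == rule.action else "CONFLICTING"
                state = (kind, upper.name)
                break
        result[rule.name] = state
    return result

# Constructed sample policy (documentation address ranges), highest rule first.
POLICY = [
    Rule("allow-web", "ACCEPT", "TCP", "0.0.0.0/0", "10.0.1.0/24", (80, 443)),
    Rule("allow-https-one-host", "ACCEPT", "TCP", "0.0.0.0/0", "10.0.1.10/32", (443, 443)),
    Rule("block-partner-web", "DROP", "TCP", "203.0.113.0/24", "10.0.1.0/24", (80, 80)),
    Rule("allow-ssh-admin", "ACCEPT", "TCP", "198.51.100.0/28", "10.0.1.0/24", (22, 22)),
    Rule("drop-v6-db", "DROP", "IP", "::/0", "2001:db8:1::/64"),
    Rule("allow-v6-db-sql", "ACCEPT", "TCP", "::/0", "2001:db8:1::5/128", (3306, 3306)),
]

if __name__ == "__main__":
    print(*overlap_states(POLICY).items(), sep="\n")
```

In this model a Conflicting rule never takes effect, so `block-partner-web` does not block anything while `allow-web` sits above it; check whether the rule order is wrong before treating such a rule as safe to delete.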