Description
Describes the default firewall rules that govern traffic on a newly deployed Cloud Network Domain in an MCP 2.0 data center location.
Content / Solution:
When you deploy a new Cloud Network Domain, the system provisions it with a set of "default" Firewall rules that affect both inbound and outbound network traffic. This article provides additional detail about the "default" firewall rules that are applied to a newly deployed Cloud Network Domain.
After you deploy a Cloud Network Domain, you can view these rules as described in: How to View and Manage Firewall Rules and Statistics on a Network Domain
It will look like this:
These rules have the following impacts:
- The first two "CCDEFAULT" rules block outbound SMTP traffic on IPv4 and the next two block it on IPv6. You cannot delete these rules but you can disable them. See How to Enable Outbound SMTP Traffic for a Network Domain in a MCP 2.0 Data Center.
- The last one (DenyExternalInboundIpv6) explicitly denies any inbound IPv6 traffic. Again, this rule can be enabled to allow such traffic in the same way.
The key thing to note here is that no traffic in or out of the Cloud Network Domain is allowed by default. These rules are explicitly denying traffic but there are no rules allowing any traffic. Therefore, you must establish firewall rules to allow any IPv4 or IPv6 traffic between the Cloud Network Domain and anything outside the Cloud Network Domain. You also must establish rules to allow communication between VLANs or a CPNC (Cloud Private Network Domain Connection).