Create Rules
To comply with security requirements, you can use pre-defined templates that cover common security scenarios or customize the firewall rules for your Network Security Groups (NSGs).
With customized firewall rules, you can define specific rules to address known security threats and vulnerabilities to support complex network architectures and applications, thus offering additional flexibility and control.
Template-based rules are pre-defined rules for you to apply to your NSGs. It is also possible to clone rules from an NSG in another data center.
For consistent security configurations across environments, whether within the same data center or replicated across different ones, you can clone existing security rules to ensure that identical security policies apply to multiple resources. It facilitates easier management and compliance across your cloud infrastructure and significantly reduces the time needed to set up security configurations.
To define rules, follow these steps:
1. Log in to the DCD with your username and password.
2. Go to Menu > Network > Network Security Groups.
3. Select a data center from the drop-down list.
4. Select an NSG to associate rules with it:
Select the NAME of the respective NSG.
Select View & Edit.
You can create customized firewall rules to secure your network from external threats and vulnerabilities.
1. Select Create Firewall Rule and enter the following details:
Name: A name for your firewall rule.
Protocol: Select a protocol from the drop-down list: UDP, TCP, ICMP, ICMPv6, GRE, VRRP, ESP, AH, and ANY.
Type: Select INGRESS or EGRESS to specify the direction of traffic flow that the rule applies to.
INGRESS: Select Ingress to control traffic that originates from outside the network and is destined for a resource within the network.
EGRESS: Select Egress to control traffic that originates from within the network and is destined for a resource outside the network.
IP Version: Select an appropriate version from the drop-down list: Auto, IPv4, and IPv6. Selecting Auto sets the IP version to IPv4 or IPv6 based on your specific IP address.
Source MAC: Enter the Media Access Control (MAC) address of the source device that sends traffic to the network. You can specify a specific MAC address or use wildcards to match a range of MAC addresses. Examples: 00:11:22:33:44:55 (specific MAC address) or 00:*:*:*:*:* (wildcard to match any MAC address starting with 00).
Source IP: Enter the IP address of the source device from which the traffic originates. This field supports both IPv4 and IPv6 addresses.
Target IP: Enter the IP address of the target device that receives traffic from the network. This field supports both IPv4 and IPv6 addresses.
Port Range Start: Enter the starting port number of a range of ports that are affected by the NSG rule. The port range is inclusive, meaning that the starting port number is included in the range.
Port Range End: Enter the ending port number of a range of ports that are affected by the NSG rule. The value must be greater than or equal to the Port Range Start field.
ICMP Type: Enter the specific category of the ICMP message. Each ICMP Type corresponds to a particular function or indication of a network condition. This option is available for ICMP and ICMPv6 protocols only.
ICMP Code: Enter the ICMP code for the given ICMP Type. For example, for Type 3, which indicates a destination unreachable error, one common code is Code 0: Network Unreachable. This option is available for ICMP and ICMPv6 protocols only.
2. Select Create to confirm.
Result: The firewall rule is created and set to an Available state.
Info: After creation, you can modify the existing rule by selecting its NAME or clicking View & Edit. Remember that you can edit all field values except the Protocol and Type.
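The field constraints listed above can be checked before a rule is entered in the DCD, for example when rule definitions are kept under review in version control. The following is an added example, not IONOS code: the dictionary keys and the sample rules are hypothetical, and Source IP and Target IP are treated as single addresses, as this page describes them.

```python
import ipaddress
import re

# Allowed values as listed in the field descriptions on this page.
PROTOCOLS = {"UDP", "TCP", "ICMP", "ICMPv6", "GRE", "VRRP", "ESP", "AH", "ANY"}
TYPES = {"INGRESS", "EGRESS"}
IP_VERSIONS = {"Auto": None, "IPv4": 4, "IPv6": 6}
# Six colon-separated groups, each two hex digits or the "*" wildcard.
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}|\*)(:([0-9A-Fa-f]{2}|\*)){5}$")

# Constructed sample rules; the keys are hypothetical names for the form fields.
GOOD = {"name": "allow-https", "protocol": "TCP", "type": "INGRESS",
        "ip_version": "IPv4", "source_ip": "203.0.113.10",
        "port_start": 443, "port_end": 443}
BAD = {"name": "broken", "protocol": "TCP", "type": "INGRESS",
       "ip_version": "IPv4", "source_ip": "2001:db8::1",
       "source_mac": "00:*:*", "port_start": 443, "port_end": 80,
       "icmp_type": 3}


def validate_rule(rule):
    """Return a list of problems found in one rule dict (empty list = OK)."""
    errors = []
    if rule.get("protocol") not in PROTOCOLS:
        errors.append("protocol is not one of the listed values")
    if rule.get("type") not in TYPES:
        errors.append("type must be INGRESS or EGRESS")
    version = rule.get("ip_version", "Auto")
    if version not in IP_VERSIONS:
        errors.append("ip_version must be Auto, IPv4 or IPv6")
    for key in ("source_ip", "target_ip"):
        if rule.get(key) is None:
            continue
        try:
            addr = ipaddress.ip_address(rule[key])
        except ValueError:
            errors.append(f"{key} is not a valid IPv4 or IPv6 address")
            continue
        # Auto maps to None and accepts either address family.
        if IP_VERSIONS.get(version) not in (None, addr.version):
            errors.append(f"{key} does not match ip_version {version}")
    mac = rule.get("source_mac")
    if mac is not None and not MAC_RE.match(mac):
        errors.append("source_mac is not a MAC address or wildcard pattern")
    start, end = rule.get("port_start"), rule.get("port_end")
    if start is not None and end is not None and end < start:
        errors.append("port_end must be >= port_start")
    has_icmp = rule.get("icmp_type") is not None or rule.get("icmp_code") is not None
    if has_icmp and rule.get("protocol") not in ("ICMP", "ICMPv6"):
        errors.append("icmp_type/icmp_code apply to ICMP and ICMPv6 only")
    return errors
```

An empty list means the rule satisfies every constraint stated on this page; it does not replace the validation the DCD itself performs.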