Example 1.2 Each user who wishes to modify a firewall configuration will need to accept the Firewall User Agreement terms.
Protocol
You can select the IP (all ports), TCP (single port), or UDP (single port) protocol from the drop-down menu. Below is a description for each possible selection.
IP (all ports): Creating an IP policy will make all ports and services on your server available from the IP address or address range supplied. This will give the supplied IP address or range of addresses complete access through the firewall. You will not be able to specify a port number if this protocol is selected.
TCP (single port): This must be paired with select ports (see Port section for more information).
UDP (single port): This must be paired with select ports (see Port section for more information).
Source IP Address
The source IP is the IP of the visiting client. It's the IP address that you wish to allow through the firewall for a given destination port or service.
Enter IP: Text field that allows you to enter a specific IP address.
Any IP: Allows traffic from any source IP address through the firewall.
Get My Current IP: Automagically retrieves your client's IP address.
NOTE: These are the client IP addresses that you want to allow your server to serve. Source IP is often set to Any IP Address for services like web services. However, for services such as FTP and email access-type services, Source IP is often limited to just a few client IPs.
Example 3.1 You can enter an IP address, select the option of Any IP Address, or Get my current IP.
Destination IP Address
The Destination IP address is the target IP that resides on the server behind the firewall (please see Source IP Address section for available options). You can enter an IP address, select Any IP Address, or select an IP from the menu, which includes the primary and secondary IP addresses of the devices behind the firewall. (New Feature: Searching by device name is now available)
Example 5.1 You can enter an IP, select Any IP Address, select an IP from the drop-down menu, or select Get my current IP.
Destination Port
If you've selected either the TCP or UDP protocol, you can enter a port number or select from the menu of common ports. Accepted port numbers range from 1 to 65535. The following port and protocol combinations are not permitted:
Port 21 and UDP
Port 22 and UDP
Port 25 and UDP
Port 69 and TCP
Port 80 and UDP
Port 110 and UDP
Port 115 and UDP
Port 443 and UDP
Example 7.2 Adding an Admin IP. In this example, the protocol was changed to IP (all ports). When this protocol is selected, a port number cannot be entered or selected.
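The protocol and port rules above, written out as a check to run on a proposed policy before it is submitted. This is an added example, not code from the Firewall Manager; the function name, the "any" token for Any IP, and CIDR notation for address ranges are assumptions, and the warning on IP (all ports) from Any IP is a review flag added here, not a rule the guide states.

```python
import ipaddress

# Port/protocol pairs the guide lists as not permitted.
DISALLOWED = {
    (21, "UDP"), (22, "UDP"), (25, "UDP"), (69, "TCP"),
    (80, "UDP"), (110, "UDP"), (115, "UDP"), (443, "UDP"),
}
ANY = "any"  # assumed token standing in for the form's "Any IP" choice


def validate_policy(protocol, source, port=None):
    """Return a list of problems with a proposed permit policy (empty if OK)."""
    problems = []
    proto = protocol.upper()
    if proto not in ("IP", "TCP", "UDP"):
        return [f"unknown protocol {protocol!r}"]

    # Source is either Any IP or a single address / range (CIDR assumed).
    if source != ANY:
        try:
            ipaddress.ip_network(source, strict=False)
        except ValueError:
            problems.append(f"source {source!r} is not an IP address or range")

    if proto == "IP":
        # IP (all ports): a port number cannot be entered or selected.
        if port is not None:
            problems.append("IP (all ports) does not take a port number")
        # Added review flag: every port and service open to every client.
        if source == ANY:
            problems.append("IP (all ports) from Any IP exposes every service")
        return problems

    # TCP/UDP (single port) must be paired with a port in 1..65535.
    valid_int = isinstance(port, int) and not isinstance(port, bool)
    if not valid_int or not 1 <= port <= 65535:
        problems.append(f"{proto} needs a port between 1 and 65535")
    elif (port, proto) in DISALLOWED:
        problems.append(f"port {port} with {proto} is not permitted")
    return problems
```
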
Copying Policies
You can copy an existing policy by clicking on the Copy icon. The form fields will fill where possible and you can modify the policy before adding it. Policies that you cannot copy include single deny policies, policies that reference an address set, and locked policies. They will not have a copy icon on the screen.
Example 8.1 You can copy an existing policy by clicking on the Copy icon.
Deleting Policies
The Firewall Manager also allows you to delete permit policies and single deny policies. To remove a policy, click the checkbox and click the Delete Selected Policies button on the side bar. Any number of policies may be selected and deleted at one time. Some policies will not have a checkbox, which indicates that they cannot be deleted. These policies allow Rackspace Support Technicians and specific systems to access your server.
Example 9.1 You can select to delete a single, multiple or all policies.
NOTE: For Cisco PIX and ASA firewalls, access list hit counts are used for determining policy usage. Any policy that has a hit count of zero is considered unused. The access list hit counts can be viewed under the Hit Count column (see Example 9.1). The access list hit counts are reset whenever the firewall is restarted.
Example 11.2 Once clicked, the manage address set modal will appear. Adding and deleting addresses within the address set as well as comments can be managed from this window.
NOTE: In order for changes to be written to the firewall, please click on Commit Changes.
Example 11.3 You can view non-editable address sets by clicking on the hyperlink or opening the disclosure.
Example 11.4 Once clicked, this menu will be available for viewing a non-editable address set.
Example 12.2 Adding and deleting IPs within the Blacklist as well as comments can be managed on this menu.
Change Log
The Change Log contains information about certain events that took place on the firewall. It lists the type of event that took place, the category of the change, the change details, the user who made the change, and the date the change was made. It can be accessed by clicking on the Change Log tab. Changes made directly in the firewall will not be displayed in the Change Log.
Example 13.1 The Change Log tracks details about each change made in the Firewall Manager with the exception of comments.
NOTE: If the device is a Cisco ASA using iOS 8.3 or higher, we cannot display the static NATs. This is because the statics are formatted differently in this version. We will be working to support iOS 8.3 in a future version of the Firewall Manager.