Attaching Firewalls to VMs
Connect firewalls to virtual machines to enable network protection
Firewalls must be attached to VMs to take effect. You can manage these attachments through the firewall management interface.
Attachment Process
To attach a firewall to a virtual machine:
Access Attachment Interface
From the firewall card, click the “Attach” button
Select Target VM
Select a VM from the list of available machines:
- Only VMs with ACTIVE status are displayed
- VMs that have a server_uuid are eligible for attachment
- Select a single VM using the radio button interface
- Already attached VMs are marked with a checkmark icon
Confirm Attachment
Click “Attach Firewall” to confirm the attachment
Monitor Attachment Status
Wait for attachment to complete and verify success
VM Compatibility Requirements
Eligible Virtual Machines
VM Status Requirements
Active VM Needed
- VM must be in ACTIVE state to attach firewall
- VM must have a valid server_uuid
- Firewalls cannot be attached to VMs in HIBERNATED or STOPPED state
- VM must be fully operational and responsive
Technical Requirements
System Prerequisites
- VM networking must be properly configured
- VM must be accessible through management interface
- Network infrastructure must support firewall attachment
- No conflicting security configurations
VM State Validation
Attachment-Ready States
ACTIVE
- VM is running and fully operational
- All services are available
- Network connectivity is established
- Ready for firewall attachment
Cannot Attach Firewalls
HIBERNATED
- VM state is saved but resources are released
- Network interfaces are not active
- Must restore VM to ACTIVE state first
SHUTOFF
- VM is powered off
- Network services unavailable
- Must start VM before attachment
CREATING/DELETING
- VM is in transitional state
- Wait for VM to reach stable state
- Retry attachment after state stabilization
Problematic VM States
ERROR
- VM encountered an operational issue
- Resolve VM issues before firewall attachment
- May require VM restart or troubleshooting
UNKNOWN
- VM state cannot be determined
- Check VM status and connectivity
- Contact support if state persists
Multi-Firewall Attachments
Multiple Firewalls per VM
Firewall Stacking
Multiple Firewall Support
- Multiple firewalls can be attached to the same VM
- All rules from attached firewalls apply cumulatively
- Rules are processed in order of attachment
- Conflicting rules are resolved based on precedence
Rule Interaction
How Multiple Firewalls Work Together
- Additive Rules: All allow rules from all firewalls are applied
- Security Layering: Multiple layers of protection
- Rule Conflicts: Most restrictive rule typically takes precedence
- Performance Considerations: More firewalls may impact performance
Management Strategy
Best Practices for Multiple Firewalls
- Use different firewalls for different security layers
- Organize rules by function (web, database, management)
- Document firewall purposes and interactions
- Test thoroughly when combining multiple firewalls
Firewall Organization Strategies
Functional Separation
Web Tier Firewall:
- HTTP/HTTPS traffic rules
- Load balancer configurations
- CDN and proxy rules
Application Tier Firewall:
- API access rules
- Inter-service communication
- Database connection rules
Management Firewall:
- SSH access rules
- Monitoring and logging
- Administrative interfaces
Environment Separation
Production Firewall:
- Strict security rules
- Minimal access permissions
- Comprehensive logging
Development Firewall:
- More permissive rules
- Developer access
- Testing and debugging tools
Staging Firewall:
- Production-like security
- Limited external access
- Testing environment protection
Viewing Firewall Attachments
To view and manage firewall attachments:
Access Firewall Details
Click “View Details” on any firewall card
Navigate to Attachments
Select the “Attached VMs” tab in the firewall details interface
Review Attachment Information
View comprehensive attachment details:
- VM Name and identification
- VM Status (ACTIVE, HIBERNATED, etc.)
- Attachment Status (SUCCESS, ATTACHING, ERROR)
- Attachment timestamp and duration
Manage Attachments
Use available controls to detach or modify attachments as needed
Attachment Status Types
Attachment Information Display
The attachment interface provides detailed information for management:
VM Information Table
Essential Information
- VM Name: User-defined virtual machine identifier
- VM ID: System-generated unique identifier
- Region: Geographic location of the VM
- Creation Date: When the VM was originally created
Operational Status
- VM Status: Current operational state (ACTIVE, SHUTOFF, etc.)
- Attachment Status: Current firewall attachment state
- Health Status: Overall VM health and responsiveness
- Network Status: Network connectivity and configuration
Attachment Details
- Attachment Time: When firewall was attached to VM
- Attachment Duration: How long firewall has been attached
- Rule Count: Number of rules protecting this VM
- Last Activity: Most recent firewall activity or rule application
Detaching Firewalls
To remove firewall protection from a VM:
Access Detachment Interface
Navigate to firewall details and locate the attached VM
Initiate Detachment
Click the detach button for the specific VM
Confirm Detachment
Review the detachment warning and confirm the action
Monitor Detachment
Wait for detachment to complete and verify removal
Detachment Security Warning:
Detaching a firewall immediately removes network protection from the VM. Ensure you have alternative security measures in place or that the VM doesn’t require firewall protection before proceeding.
Detachment Considerations
Security Impact
Protection Removal
- VM loses firewall protection immediately
- All blocked connections become allowed
- Network exposure increases significantly
- Consider alternative protection before detaching
Service Continuity
Application Impact
- Previously blocked traffic may suddenly be allowed
- Application behavior may change
- Monitor for unexpected connections
- Test application functionality after detachment
Alternative Protection
Security Alternatives
- Attach different firewall before detaching current one
- Implement host-based firewall on VM
- Use network-level security controls
- Consider moving VM to protected network segment
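An added example, not part of the platform's own tooling: a Python audit of the cumulative rule model described under Multi-Firewall Attachments, together with the last-firewall check implied by the detachment considerations above. The firewall names, VM names and rule tuples are constructed, and the script assumes allow-only rules that are merged across all firewalls attached to a VM.

```python
from ipaddress import ip_network

# Constructed sample inventory; the rule fields (proto, first port, last port,
# source CIDR) are a hypothetical format, not the platform's export schema.
FIREWALLS = {
    "prod-web": [("tcp", 443, 443, "0.0.0.0/0"), ("tcp", 22, 22, "10.0.0.0/8")],
    "dev-tools": [("tcp", 22, 22, "0.0.0.0/0"), ("tcp", 8000, 8100, "0.0.0.0/0")],
    "mgmt": [("tcp", 22, 22, "10.20.0.0/24")],
}
ATTACHMENTS = {"vm-web-1": ["prod-web", "dev-tools"], "vm-db-1": ["mgmt"]}
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 5432: "postgres"}


def effective_allow(vm, attachments=ATTACHMENTS, firewalls=FIREWALLS):
    """Union of allow rules from every firewall attached to vm (assumed additive)."""
    merged = []
    for fw in attachments.get(vm, []):
        for proto, lo, hi, src in firewalls[fw]:
            merged.append({"fw": fw, "proto": proto, "ports": (lo, hi),
                           "source": ip_network(src)})
    return merged


def widened_exposure(vm, attachments=ATTACHMENTS, firewalls=FIREWALLS):
    """Sensitive ports reachable from any address, with the firewall responsible."""
    findings = []
    for rule in effective_allow(vm, attachments, firewalls):
        if rule["source"].prefixlen != 0:
            continue  # source is restricted, not world-open
        lo, hi = rule["ports"]
        for port, name in SENSITIVE_PORTS.items():
            if lo <= port <= hi:
                findings.append((port, name, rule["fw"]))
    return sorted(findings)


def detach_impact(vm, fw, attachments=ATTACHMENTS):
    """Firewalls left on vm after detaching fw; an empty list means no protection."""
    return [f for f in attachments.get(vm, []) if f != fw]


if __name__ == "__main__":
    for vm in ATTACHMENTS:
        print(vm, widened_exposure(vm))
        for fw in ATTACHMENTS[vm]:
            left = detach_impact(vm, fw)
            print("  detach", fw, "->", left or "UNPROTECTED")
```

On the constructed data, the strict prod-web firewall limits SSH to an internal range, yet stacking dev-tools on the same VM opens SSH to every source, which is the kind of interaction to catch before attaching.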
Attachment Best Practices
Planning Firewall Attachments
Assess Security Requirements
- Identify network traffic patterns and requirements
- Determine necessary ports and protocols
- Plan for different security layers and functions
- Consider compliance and regulatory requirements
Design Firewall Architecture
- Plan firewall organization and rule distribution
- Consider performance impact of multiple firewalls
- Design for scalability and maintainability
- Document firewall purposes and interactions
Test Attachment Strategy
- Test firewall attachments in development environment
- Validate application functionality with firewalls attached
- Monitor performance impact of firewall rules
- Test failover and disaster recovery scenarios
Implement and Monitor
- Attach firewalls during maintenance windows
- Monitor application performance and connectivity
- Validate security effectiveness
- Document operational procedures
Operational Best Practices
Attachment Timing
When to Attach Firewalls
- Attach firewalls before VM goes into production
- Use maintenance windows for production changes
- Coordinate with application deployment schedules
- Plan for testing and validation time
Monitoring and Validation
Post-Attachment Monitoring
- Monitor application performance after attachment
- Validate that required traffic is allowed
- Check that unauthorized traffic is blocked
- Monitor firewall logs for security events
Troubleshooting Attachment Issues
Common Attachment Problems
VM Not Eligible
VM Cannot Be Selected
- Cause: VM not in ACTIVE state
- Solution: Start or restore VM to ACTIVE state
- Verification: Check VM status in dashboard
- Timeline: Wait for VM to fully boot before retry
Attachment Fails
Attachment Process Errors
- Cause: Network configuration issues or VM problems
- Solution: Check VM networking and connectivity
- Verification: Test VM accessibility through other means
- Timeline: May require VM restart or network reconfiguration
Attachment Shows Error
Error Status After Attachment
- Cause: Firewall rule conflicts or configuration issues
- Solution: Review firewall rules and VM configuration
- Verification: Test network connectivity and application functionality
- Timeline: May require rule adjustment or firewall reconfiguration
Debugging Attachment Issues
Check VM Status
- Verify VM is in ACTIVE state
- Confirm VM has valid server_uuid
- Test VM responsiveness and connectivity
- Check for any VM error conditions
Validate Firewall Configuration
- Review firewall rules for conflicts
- Check firewall status and health
- Verify firewall is in SUCCESS state
- Test firewall functionality with other VMs
Test Network Connectivity
- Test VM network connectivity before and after attachment
- Verify DNS resolution and internet connectivity
- Check for blocked connections in firewall logs
- Validate application-specific connectivity requirements
Contact Support if Needed
- Provide VM ID and firewall ID
- Include error messages and timestamps
- Describe attempted troubleshooting steps
- Include network configuration details
When multiple firewalls are attached to the same VM, all rules apply cumulatively. Plan your firewall architecture carefully to avoid conflicts and ensure optimal security coverage.
Always test firewall attachments in a development environment before applying to production VMs. This helps identify potential connectivity issues and rule conflicts before they impact live services.