Firewall Overview
The Firewall page displays your existing firewalls with detailed information (6 firewalls per page):
Firewall Information
Displayed Details
- Firewall name and description
- Status indicator (SUCCESS, CREATING, ERROR)
- Region information
- Creation date
- Rule count
- Attached VM count
Management Actions
Available Operations
- View Details
- Add Rule
- Attach to VMs
- Delete
- Real-time status monitoring
Dashboard Statistics
The firewall management interface provides comprehensive statistics:
Firewall Metrics
System Overview
- Total Firewalls: Number of firewalls in your account
- Total Rules: Combined rules across all firewalls
- Attachments: Total VM attachments across firewalls
- Active Firewalls: Firewalls currently protecting VMs
Status Distribution
Operational Status
- SUCCESS: Fully operational firewalls
- CREATING: Firewalls being set up
- ERROR: Firewalls with configuration issues
- Regional Distribution: Firewalls by region
Creating Firewalls
To create a new firewall:
1. Access Creation
   Click the “Create Firewall” button (disabled when limit reached)
2. Configure Basic Information
   Enter firewall details:
   - Firewall name (required, maximum 50 characters)
   - Description (optional, maximum 255 characters)
   - Region selection from dropdown
3. Create Firewall
   Click “Create Firewall” to initialize the new firewall
4. Configure Rules
   After creation, add security rules to define traffic policies
Firewall Naming Requirements
Name Requirements:
- Must be 1-50 characters
- Supports letters, numbers, spaces, hyphens (-), underscores (_), and dots (.)
- Must be unique within your account
- No other special characters or symbols allowed
- Cannot be empty or contain only whitespace
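The naming and length limits above can be checked before the form is submitted. This is an added example, not code from the platform; `validate_firewall` and its parameters are hypothetical, and ASCII-only letters and case-sensitive uniqueness are assumptions.

```python
import re

# Character set taken from the naming requirements above. Treating "letters"
# as ASCII-only is an assumption; the page does not say whether Unicode
# letters are accepted.
_ALLOWED = re.compile(r"[A-Za-z0-9 ._-]{1,50}")
MAX_DESCRIPTION = 255


def validate_firewall(name, description="", existing_names=()):
    """Return a list of problems; an empty list means the input passes."""
    problems = []
    if not name or not name.strip():
        problems.append("name is empty or whitespace only")
    elif len(name) > 50:
        problems.append("name exceeds 50 characters")
    # fullmatch, not match/search with '$': '$' also matches just before a
    # trailing newline, which would let "web\n" through.
    elif not _ALLOWED.fullmatch(name):
        bad = sorted({c for c in name if not _ALLOWED.fullmatch(c)})
        problems.append("name contains disallowed characters: %r" % bad)
    # Case-sensitive comparison is an assumption; the page only says the
    # name must be unique within the account.
    if name in existing_names:
        problems.append("name already used in this account")
    if len(description) > MAX_DESCRIPTION:
        problems.append("description exceeds 255 characters")
    return problems


if __name__ == "__main__":
    # Constructed inputs for illustration.
    for candidate in ["web-prod_01.eu", "   ", "web\n", "db<script>"]:
        print(repr(candidate), validate_firewall(candidate))
```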
Regional Considerations
Region Selection
Geographic Placement
- Firewalls are region-specific
- Must match the region of VMs you want to protect
- Cannot be moved between regions after creation
- Consider multi-region deployment strategies
Cross-Region Management
Multi-Region Strategies
- Create separate firewalls for each region
- Maintain consistent rule sets across regions
- Document regional differences and requirements
- Plan for region-specific compliance needs
Firewall Lifecycle
Creation Process
- Planning Phase
- Creation Phase
- Configuration Phase
Before Creating Firewalls
- Identify security requirements for your applications
- Map network traffic patterns and dependencies
- Determine required ports and protocols
- Plan for different environments (dev, staging, prod)
Firewall States
Firewall Limits and Quotas
Account Limitations
Firewall Limits
Quantity Restrictions
- Maximum: 25 firewalls per account
- Regional Distribution: No per-region limits
- Rule Limits: Varies by firewall complexity
- Attachment Limits: Multiple VMs per firewall
Resource Management
Efficient Usage
- Plan firewall usage across projects
- Reuse firewalls for similar applications
- Delete unused firewalls to free quota
- Group related rules in single firewalls
Best Practices for Limits
Firewall Consolidation
Efficient Firewall Usage
- Group similar applications under one firewall
- Use descriptive names to avoid duplication
- Share firewalls across development teams
- Plan for different environments and use cases
Quota Management
Staying Within Limits
- Monitor current firewall count regularly
- Delete unused or test firewalls promptly
- Plan firewall architecture before creation
- Request quota increases for enterprise needs
Firewall Information Display
Detailed Firewall Information
Each firewall displays comprehensive details:
- Basic Information
- Configuration Summary
- Operational Metrics
Essential Details
- Name: User-defined firewall identifier
- Description: Optional purpose description
- Region: Geographic deployment location
- Status: Current operational state
- Creation Date: When firewall was created
Security Rules Timing
Important Timing Information: Security rules may take up to 10 minutes to be fully applied after creation. During this time, your VM may appear to have limited connectivity while the firewall configuration propagates across the network infrastructure.
Rule Application Process
1. Rule Creation
   New rules are validated and saved to firewall configuration
2. Configuration Propagation
   Rules are distributed to network infrastructure (up to 10 minutes)
3. Traffic Filtering
   Rules become active and begin filtering network traffic
4. Monitoring and Validation
   Test connectivity and validate rule effectiveness
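One way to carry out the validation step inside the 10-minute propagation window is to poll the port until it shows the expected state. This is an added example, not part of the platform; `wait_for_rule`, its parameters, the 15-second interval and the two-probe confirmation are assumptions.

```python
import socket
import time

PROPAGATION_LIMIT_S = 600  # "up to 10 minutes" from the timing note above


def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def wait_for_rule(host, port, expect_open, probe=tcp_open, interval=15,
                  limit=PROPAGATION_LIMIT_S, clock=time.monotonic,
                  sleep=time.sleep, confirm=2):
    """Poll until the port shows the expected state `confirm` times in a row.

    Returns (ok, elapsed_seconds). ok is False when the window expires
    first, which means the rule or the service itself needs checking
    (for example, nothing is listening on the port), not more waiting.
    """
    start = clock()
    streak = 0
    while True:
        # A single matching probe can be a transient; require a streak.
        streak = streak + 1 if probe(host, port) == expect_open else 0
        elapsed = clock() - start
        if streak >= confirm:
            return True, elapsed
        if elapsed >= limit:
            return False, elapsed
        sleep(interval)


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address; replace with the VM under test.
    print(wait_for_rule("192.0.2.10", 443, expect_open=True, limit=30))
```

Use `expect_open=False` to confirm that removing a rule or tightening a source range has taken effect from a host that should no longer have access.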
Firewall Management Best Practices
Security Design Principles
Defense in Depth
Layered Security Approach
- Combine firewall rules with application-level security
- Use both network and host-based firewalls
- Implement monitoring and intrusion detection
- Regular security assessments and penetration testing
Principle of Least Privilege
Minimize Access Rights
- Only open ports that are actively needed
- Restrict source IP ranges to minimum required
- Use specific protocols instead of broad permissions
- Regularly audit and remove unnecessary rules
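The checks in this list can be run over an exported rule set as part of a regular audit. This is an added example, not the platform's own code or API; the rule fields (`protocol`, `port_min`, `port_max`, `source`) and the thresholds are assumptions, and the sample rules are constructed.

```python
import ipaddress

PUBLIC_PORTS = {80, 443}  # HTTP/HTTPS, the ports a public web server exposes
MAX_PORT_SPAN = 10        # assumed threshold for a "broad" port range


def audit_rules(rules):
    """Return (rule_index, finding) pairs for rules broader than needed."""
    findings = []
    for i, r in enumerate(rules):
        net = ipaddress.ip_network(r["source"], strict=False)
        ports = range(r["port_min"], r["port_max"] + 1)
        if r["protocol"].lower() in ("all", "any"):
            findings.append((i, "protocol is not specific"))
        if len(ports) > MAX_PORT_SPAN:
            findings.append((i, "port range spans %d ports" % len(ports)))
        # prefixlen 0 covers both 0.0.0.0/0 and ::/0
        if net.prefixlen == 0 and not set(ports) <= PUBLIC_PORTS:
            findings.append((i, "non-public port open to any source"))
    return findings


# Constructed sample rule set (not from a real account).
SAMPLE_RULES = [
    {"protocol": "tcp", "port_min": 443, "port_max": 443,
     "source": "0.0.0.0/0"},
    {"protocol": "tcp", "port_min": 22, "port_max": 22,
     "source": "0.0.0.0/0"},
    {"protocol": "tcp", "port_min": 22, "port_max": 22,
     "source": "203.0.113.0/24"},
    {"protocol": "all", "port_min": 1, "port_max": 65535,
     "source": "10.0.0.0/8"},
]

if __name__ == "__main__":
    for index, finding in audit_rules(SAMPLE_RULES):
        print("rule %d: %s" % (index, finding))
```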
Documentation and Compliance
Governance and Compliance
- Document all firewall rules and their purposes
- Maintain change logs for audit trails
- Regular compliance reviews and updates
- Team training on security best practices
Operational Best Practices
1. Planning and Design
   - Map application network requirements before creating rules
   - Design firewall architecture for scalability
   - Plan for different environments and use cases
   - Consider compliance and regulatory requirements
2. Implementation
   - Start with restrictive rules and open access gradually
   - Test rules in development environment first
   - Document all rules with clear descriptions
   - Implement changes during maintenance windows
3. Monitoring and Maintenance
   - Monitor firewall effectiveness and performance
   - Regular security audits and rule reviews
   - Update rules based on changing requirements
   - Remove obsolete or unused rules promptly
4. Incident Response
   - Plan for security incident response procedures
   - Maintain emergency access procedures
   - Document escalation and communication procedures
   - Regular disaster recovery testing
Firewall Integration
Integration with VM Workflow
VM Deployment
Deployment Integration
- Attach firewalls during VM creation
- Configure security rules before going live
- Test connectivity after deployment
- Monitor security effectiveness
Application Deployment
Application Integration
- Configure rules for specific applications
- Plan for application update requirements
- Test application functionality with firewall rules
- Monitor application performance impact
Automation and Scaling
Automated Rule Management
Automation Strategies
- Use infrastructure as code for firewall management
- Automate rule deployment across environments
- Implement automated testing of firewall rules
- Monitor and alert on rule effectiveness
Scaling Considerations
Growth Planning
- Plan firewall architecture for growth
- Consider performance impact of complex rule sets
- Monitor resource utilization and optimize
- Plan for multi-region and multi-environment scaling
Common Firewall Scenarios
- Web Application
- Database Server
- Development Environment
- Production Environment
Web Server Firewall
- Purpose: Protect web servers and applications
- Common Rules: HTTP (80), HTTPS (443), SSH (22)
- Considerations: Load balancer integration, CDN compatibility
- Monitoring: Web application performance and security metrics
Important Security Reminder: Always test firewall configurations in a development environment before applying to production systems. Incorrect firewall rules can block legitimate traffic and impact application availability.
Use descriptive names and detailed descriptions for your firewalls to make management easier as your infrastructure grows. Consider creating template firewalls for common use cases that can be reused across projects.