Firewall Management
Create and configure network security rules to protect your virtual machines
The Firewall Management system allows you to create and configure network security rules to protect your virtual machines. Maximum limit: 25 firewalls per account.
Firewall Overview
The Firewall page displays your existing firewalls with detailed information (6 firewalls per page):
Firewall Information
Displayed Details
- Firewall name and description
- Status indicator (SUCCESS, CREATING, ERROR)
- Region information
- Creation date
- Rule count
- Attached VM count
Management Actions
Available Operations
- View Details
- Add Rule
- Attach to VMs
- Delete
- Real-time status monitoring
Dashboard Statistics
The firewall management interface provides comprehensive statistics:
Firewall Metrics
System Overview
- Total Firewalls: Number of firewalls in your account
- Total Rules: Combined rules across all firewalls
- Attachments: Total VM attachments across firewalls
- Active Firewalls: Firewalls currently protecting VMs
Status Distribution
Operational Status
- SUCCESS: Fully operational firewalls
- CREATING: Firewalls being set up
- ERROR: Firewalls with configuration issues
- Regional Distribution: Firewalls by region
Creating Firewalls
To create a new firewall:
Access Creation
Click the “Create Firewall” button (disabled when limit reached)
Configure Basic Information
Enter firewall details:
- Firewall name (required, maximum 50 characters)
- Description (optional, maximum 255 characters)
- Region selection from dropdown
Create Firewall
Click “Create Firewall” to initialize the new firewall
Configure Rules
After creation, add security rules to define traffic policies
Firewall Naming Requirements
Name Requirements:
- Must be 1-50 characters
- Supports letters, numbers, spaces, hyphens (-), underscores (_), and dots (.)
- Must be unique within your account
- No other special characters or symbols allowed
- Cannot be empty or contain only whitespace
Regional Considerations
Region Selection
Geographic Placement
- Firewalls are region-specific
- Must match the region of VMs you want to protect
- Cannot be moved between regions after creation
- Consider multi-region deployment strategies
Cross-Region Management
Multi-Region Strategies
- Create separate firewalls for each region
- Maintain consistent rule sets across regions
- Document regional differences and requirements
- Plan for region-specific compliance needs
Firewall Lifecycle
Creation Process
Before Creating Firewalls
- Identify security requirements for your applications
- Map network traffic patterns and dependencies
- Determine required ports and protocols
- Plan for different environments (dev, staging, prod)
During Firewall Setup
- Choose descriptive names that indicate purpose
- Select appropriate region for target VMs
- Add meaningful descriptions for team collaboration
- Document intended use cases and applications
After Creation
- Add security rules based on requirements
- Test rule configurations with target applications
- Attach firewall to appropriate VMs
- Monitor and validate effectiveness
Firewall States
Firewall Limits and Quotas
Account Limitations
Firewall Limits
Quantity Restrictions
- Maximum: 25 firewalls per account
- Regional Distribution: No per-region limits
- Rule Limits: Varies by firewall complexity
- Attachment Limits: Multiple VMs per firewall
Resource Management
Efficient Usage
- Plan firewall usage across projects
- Reuse firewalls for similar applications
- Delete unused firewalls to free quota
- Group related rules in single firewalls
Best Practices for Limits
Firewall Consolidation
Efficient Firewall Usage
- Group similar applications under one firewall
- Use descriptive names to avoid duplication
- Share firewalls across development teams
- Plan for different environments and use cases
Quota Management
Staying Within Limits
- Monitor current firewall count regularly
- Delete unused or test firewalls promptly
- Plan firewall architecture before creation
- Request quota increases for enterprise needs
Firewall Information Display
Detailed Firewall Information
Each firewall displays comprehensive details:
Essential Details
- Name: User-defined firewall identifier
- Description: Optional purpose description
- Region: Geographic deployment location
- Status: Current operational state
- Creation Date: When firewall was created
Rule and Attachment Summary
- Rule Count: Number of configured security rules
- Attached VMs: Number of protected virtual machines
- Last Modified: Most recent configuration change
- Active Status: Whether firewall is actively protecting resources
Performance Information
- Traffic Processed: Volume of network traffic filtered
- Rules Applied: Number of rule evaluations
- Blocked Connections: Security violations prevented
- Performance Impact: Latency and throughput metrics
Security Rules Timing
Important Timing Information:
Security rules may take up to 10 minutes to be fully applied after creation. During this time, your VM may appear to have limited connectivity while the firewall configuration propagates across the network infrastructure.
Rule Application Process
Rule Creation
New rules are validated and saved to firewall configuration
Configuration Propagation
Rules are distributed to network infrastructure (up to 10 minutes)
Traffic Filtering
Rules become active and begin filtering network traffic
Monitoring and Validation
Test connectivity and validate rule effectiveness
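The validation step above can be scripted so that a probe taken mid-propagation is not mistaken for a wrong rule. This is an added example, not code from the platform: the host address, the probed ports, the 15-second interval and the three-probe stability requirement are assumptions, and only the 10-minute window comes from this page.

```python
import socket
import time

PROPAGATION_WINDOW_S = 600  # this page: rules may take up to 10 minutes to apply


def tcp_port_open(host, port, timeout=3.0):
    """One TCP connect probe; refused, filtered and timed out all count as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def wait_for_rule(host, port, expect_open, window=PROPAGATION_WINDOW_S,
                  interval=15.0, stable_checks=3, probe=tcp_port_open):
    """Poll until the port shows the expected state on `stable_checks`
    consecutive probes, or until the propagation window has elapsed.

    Requiring a streak avoids declaring success on a single probe taken
    while the rule is only partly propagated.
    """
    deadline = time.monotonic() + window
    streak = probes = 0
    while True:
        probes += 1
        if probe(host, port) == expect_open:
            streak += 1
            if streak >= stable_checks:
                return {"ok": True, "probes": probes}
        else:
            streak = 0
        if time.monotonic() >= deadline:
            # Still wrong after the full window: treat it as a rule or
            # attachment problem, not as propagation delay.
            return {"ok": False, "probes": probes}
        time.sleep(interval)


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the VM (assumption).
    for port, expect_open in [(443, True), (3306, False)]:
        result = wait_for_rule("192.0.2.10", port, expect_open)
        print(port, "expected open" if expect_open else "expected closed", result)
```

Run it from a network location the rule is meant to allow, and again from one it is meant to block, since a single vantage point only validates one side of the rule.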
Firewall Management Best Practices
Security Design Principles
Defense in Depth
Layered Security Approach
- Combine firewall rules with application-level security
- Use both network and host-based firewalls
- Implement monitoring and intrusion detection
- Regular security assessments and penetration testing
Principle of Least Privilege
Minimize Access Rights
- Only open ports that are actively needed
- Restrict source IP ranges to minimum required
- Use specific protocols instead of broad permissions
- Regularly audit and remove unnecessary rules
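The audit in the last item can be automated over an exported rule list. This is an added example, not the platform's code or API: the rule dictionary layout, the 100-port threshold and the sample rules are assumptions, while the sensitive ports (22, 3306, 5432) are the ones this page names in its web-server and database scenarios.

```python
import ipaddress

# Ports named in this page's web-server and database scenarios.
SENSITIVE_PORTS = {22: "SSH", 3306: "database", 5432: "database"}
MAX_PORT_SPAN = 100  # assumed review threshold, not a platform limit


def audit_rule(rule):
    """Return least-privilege findings for one inbound allow rule."""
    findings = []
    source = ipaddress.ip_network(rule["source"], strict=False)
    low, high = rule["ports"]
    if rule["protocol"] == "all":
        findings.append("protocol 'all': name the specific protocol")
    if high - low + 1 > MAX_PORT_SPAN:
        findings.append(f"port range {low}-{high} is wider than {MAX_PORT_SPAN} ports")
    if source.prefixlen == 0:  # 0.0.0.0/0 or ::/0
        for port, label in sorted(SENSITIVE_PORTS.items()):
            if low <= port <= high:
                findings.append(f"{label} port {port} open to any source")
    if not rule.get("description", "").strip():
        findings.append("no description: purpose cannot be audited")
    return findings


def audit_firewall(rules):
    """Map rule index -> findings, omitting rules with nothing to report."""
    report = {}
    for index, rule in enumerate(rules):
        findings = audit_rule(rule)
        if findings:
            report[index] = findings
    return report


# Constructed sample rule set (203.0.113.0/24 is a documentation range).
SAMPLE_RULES = [
    {"protocol": "tcp", "ports": (443, 443), "source": "0.0.0.0/0", "description": "public HTTPS"},
    {"protocol": "tcp", "ports": (22, 22), "source": "0.0.0.0/0", "description": "admin SSH"},
    {"protocol": "tcp", "ports": (5432, 5432), "source": "10.0.1.0/24", "description": "app tier to PostgreSQL"},
    {"protocol": "all", "ports": (1, 65535), "source": "203.0.113.0/24", "description": ""},
]

if __name__ == "__main__":
    for index, findings in audit_firewall(SAMPLE_RULES).items():
        for finding in findings:
            print(f"rule {index}: {finding}")
```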
Documentation and Compliance
Governance and Compliance
- Document all firewall rules and their purposes
- Maintain change logs for audit trails
- Regular compliance reviews and updates
- Team training on security best practices
Operational Best Practices
Planning and Design
- Map application network requirements before creating rules
- Design firewall architecture for scalability
- Plan for different environments and use cases
- Consider compliance and regulatory requirements
Implementation
- Start with restrictive rules and open access gradually
- Test rules in development environment first
- Document all rules with clear descriptions
- Implement changes during maintenance windows
Monitoring and Maintenance
- Monitor firewall effectiveness and performance
- Regular security audits and rule reviews
- Update rules based on changing requirements
- Remove obsolete or unused rules promptly
Incident Response
- Plan for security incident response procedures
- Maintain emergency access procedures
- Document escalation and communication procedures
- Regular disaster recovery testing
Firewall Integration
Integration with VM Workflow
VM Deployment
Deployment Integration
- Attach firewalls during VM creation
- Configure security rules before going live
- Test connectivity after deployment
- Monitor security effectiveness
Application Deployment
Application Integration
- Configure rules for specific applications
- Plan for application update requirements
- Test application functionality with firewall rules
- Monitor application performance impact
Automation and Scaling
Automated Rule Management
Automation Strategies
- Use infrastructure as code for firewall management
- Automate rule deployment across environments
- Implement automated testing of firewall rules
- Monitor and alert on rule effectiveness
Scaling Considerations
Growth Planning
- Plan firewall architecture for growth
- Consider performance impact of complex rule sets
- Monitor resource utilization and optimize
- Plan for multi-region and multi-environment scaling
Common Firewall Scenarios
Web Server Firewall
- Purpose: Protect web servers and applications
- Common Rules: HTTP (80), HTTPS (443), SSH (22)
- Considerations: Load balancer integration, CDN compatibility
- Monitoring: Web application performance and security metrics
Database Protection
- Purpose: Secure database servers from unauthorized access
- Common Rules: Database ports (3306, 5432), management interfaces
- Considerations: Application server access, backup connectivity
- Monitoring: Database performance and connection monitoring
Development Security
- Purpose: Flexible security for development and testing
- Common Rules: SSH, custom application ports, development tools
- Considerations: Team access, debugging tools, temporary access
- Monitoring: Development productivity and security balance
Production Security
- Purpose: Strict security for production workloads
- Common Rules: Minimal required ports, monitoring interfaces
- Considerations: High availability, compliance requirements
- Monitoring: Strict security monitoring and incident response
Important Security Reminder:
Always test firewall configurations in a development environment before applying to production systems. Incorrect firewall rules can block legitimate traffic and impact application availability.
Use descriptive names and detailed descriptions for your firewalls to make management easier as your infrastructure grows. Consider creating template firewalls for common use cases that can be reused across projects.