4. Firewall rules

Introduction

This article provides basic information and an overall insight into creating rules in the cloud firewall.

Accessing Firewall

In order to create rules in the purchased firewall, interworks.cloud sends the end customer an email with the IP address, username and password, which provides the access needed to adjust routing accordingly.

Navigating to the IP address provided by interworks.cloud, the user is greeted by the login screen shown below.

Once the connection to the administration portal of the Cloud Firewall is established, the customer can manage the Firewall according to their ongoing security requirements by going to "Firewall" and then "Rules".


Creating rules

Upon entering the "Rules" tab from the main "Firewall" tab, the customer can create rules for the firewall as needed.

This covers managing which IP addresses can access which server and which port, whether access via Remote Desktop is allowed, and so on.


Rule prioritization

Once rules have been created in the firewall, the only thing left to do for them to take effect is to hit Save/Update.

Some rules, however, may be much more important than others, so their priority must be set for the firewall to work in the most proper and efficient way.

To prioritize one rule over another, the only thing that must be done is to drag and drop the rules up or down the rule list.

Firewall rules functions

The Rules tab offers actions such as edit, copy, disable and delete.

The easiest and best way to create and adjust rules is to copy an existing rule and adjust its values, such as the IP address and port, and it's done.

Hit Save/Update and it's finished!

Port Forwarding and 1:1 NAT

Port forwards also take precedence over 1:1 NAT. If a port forward is defined on one external IP address forwarding a port to a host, and a 1:1 NAT entry is also defined on the same external IP address forwarding everything to a different host, then the port forward remains active and continues forwarding to the original host.



Adding Port Forwards

Port Forwards are managed at Firewall > NAT, on the Port Forwards tab.

To add a port forward entry, click the Add button to reach the Port Forward editing screen.

The following options are available for port forwards:

Interface

  • The interface where the port forward will be active. In most cases this will be WAN. For additional WAN links or local redirects this may be a different interface. The Interface is the location on the firewall where traffic for this port forward enters.

Protocol

  • The Protocol of the incoming traffic to match. This must be set to match the type of service being forwarded, whether it is TCP, UDP, or another available choice. Most commonly forwarded services use TCP or UDP, but consult the documentation for the service, or even a quick web search, to confirm. The TCP/UDP option forwards both TCP and UDP together in a single rule.

Source

  • These options are hidden behind an Advanced button by default and are set to any source. The Source options restrict which source IP addresses and ports can access this port forward entry. They are not typically necessary. If the port forward must be reachable from any location on the Internet, the source must be any. For restricted-access services, use an alias here so that only a limited set of IP addresses may access the port forward. Unless the service absolutely requires a specific source port, the Source Port Range must be left as any, since nearly all clients use randomized source ports.

Destination

  • The IP address where the traffic to be forwarded is initially destined. For port forwards on WAN, in most cases this is WAN Address. Where multiple public IP addresses are available, it may be a Virtual IP (see Virtual IP Addresses) on WAN.

Destination port range

  • The original destination port of the traffic, as it comes in from the Internet, before it is redirected to the specified target host. If forwarding a single port, enter it in the From port box and leave the To port box blank. A list of common services is available to choose from in the drop-down boxes in this group. Port aliases may also be used here to forward a set of services. If an alias is used here, the same alias must be used as the Redirect target port.

Redirect target IP

  • The IP address where traffic will be forwarded, or technically redirected. An alias may be used here, but it must contain only a single address. If the alias contains multiple addresses, the port will be forwarded to each host alternately, which is not what most people want. To set up load balancing for one port to multiple internal servers, see Server Load Balancing.

Redirect target port

  • Where the forwarded port range will begin. If a range of ports is forwarded, e.g. 19000-19100, only the local starting point is specified, since the number of ports must match up one-to-one.
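The matching behaviour described in the sections above (rules taking effect in list order, port forwards taking precedence over 1:1 NAT on the same external address, and a forwarded port range mapping one-to-one onto a range that starts at the Redirect target port) can be checked against a small model. The following Python is an added example written for this page; it is not code from interworks.cloud or from the firewall product, and the rule field names, the `resolve_destination` function and the sample addresses (documentation ranges, constructed here) are this example's own assumptions about how the UI fields translate into a lookup.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional


@dataclass(frozen=True)
class PortForward:
    """One entry from the Port Forwards tab (field names are this example's own)."""
    interface: str        # Interface the traffic enters on, e.g. "WAN"
    protocol: str         # "tcp", "udp" or "tcp/udp"
    dst_ip: str           # Destination: the external address the traffic arrives on
    dst_port_from: int    # Destination port range: From port
    dst_port_to: int      # Destination port range: To port (same as From for one port)
    target_ip: str        # Redirect target IP (a single host)
    target_port: int      # Redirect target port: start of the internal range


@dataclass(frozen=True)
class OneToOneNat:
    """One 1:1 NAT entry: everything arriving for external_ip goes to internal_ip."""
    interface: str
    external_ip: str
    internal_ip: str


def protocol_matches(rule_proto: str, pkt_proto: str) -> bool:
    """The TCP/UDP option matches either transport protocol; otherwise exact match."""
    rule_proto, pkt_proto = rule_proto.lower(), pkt_proto.lower()
    if rule_proto == "tcp/udp":
        return pkt_proto in ("tcp", "udp")
    return rule_proto == pkt_proto


def resolve_destination(port_forwards, one_to_one, interface, protocol,
                        dst_ip, dst_port) -> Optional[tuple]:
    """Return (internal_ip, internal_port) for an inbound packet, or None.

    Port forwards are checked first, in list order (first match wins, which is
    what dragging a rule up or down in the UI changes). Only when none matches
    does a 1:1 NAT entry for the same external address apply.
    """
    for pf in port_forwards:
        if pf.interface != interface or not protocol_matches(pf.protocol, protocol):
            continue
        if ip_address(pf.dst_ip) != ip_address(dst_ip):
            continue
        if not (pf.dst_port_from <= dst_port <= pf.dst_port_to):
            continue
        # A forwarded range maps one-to-one: the internal port is the redirect
        # target port plus the packet's offset into the external range.
        return (pf.target_ip, pf.target_port + (dst_port - pf.dst_port_from))

    for nat in one_to_one:
        if nat.interface == interface and ip_address(nat.external_ip) == ip_address(dst_ip):
            return (nat.internal_ip, dst_port)  # 1:1 NAT rewrites the address only

    return None


# Constructed sample rule set (documentation addresses, not real hosts).
PORT_FORWARDS = [
    # Remote Desktop on the WAN address goes to one specific host.
    PortForward("WAN", "tcp", "203.0.113.10", 3389, 3389, "10.0.0.20", 3389),
    # A 101-port range, re-based to start at 29000 on the internal host.
    PortForward("WAN", "tcp/udp", "203.0.113.10", 19000, 19100, "10.0.0.30", 29000),
]

ONE_TO_ONE = [
    # Everything else arriving for 203.0.113.10 is mapped to 10.0.0.40.
    OneToOneNat("WAN", "203.0.113.10", "10.0.0.40"),
]


if __name__ == "__main__":
    # TCP 3389 hits the port forward even though a 1:1 NAT covers the same address;
    # UDP 3389 does not match the TCP-only forward and falls through to the 1:1 NAT.
    for proto, port in (("tcp", 3389), ("udp", 19050), ("tcp", 443), ("udp", 3389)):
        hit = resolve_destination(PORT_FORWARDS, ONE_TO_ONE, "WAN", proto, "203.0.113.10", port)
        print(f"{proto} {port} -> {hit}")
```

Two things worth noticing when running it: a port forward restricted to TCP leaves UDP traffic to the same port for the 1:1 NAT entry, so the protocol field decides which host actually receives it; and when two port forwards overlap (say a whole range and one port inside it), only their relative position in the list decides which host wins, which is exactly why the drag-and-drop ordering matters.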


Conclusion

Following this guide lets the reader create and manage rules in the purchased firewall; it is easy and straightforward for an admin with moderate knowledge.




For further support, contact us at support@interworks.cloud