Creating Firewall Rules
To create a Firewall rule, navigate to the Edge Gateway, right-click and select “Edge Gateway Services”. Then select the Firewall tab.
The Firewall is enabled by default, and denies all traffic by default. To allow traffic, both outbound and inbound rules are necessary. See below for examples of both inbound and outbound rules.
Firewall Rule Example: Allow All Outbound
This Firewall rule allows all outbound traffic from an internal subnet.
The “internal” keyword refers to any private IP attached to the Edge Gateway. The “any” keyword covers any value for the relevant fields. The action is set to “Allow”, which overrides the default “Deny” action.
Firewall Rule Example: Allow Specific Inbound
This firewall rule allows traffic from any source to access the external IP at a specific port.
The port should match a port defined by a Port DNAT rule. See DNAT Rule Example: Port NAT for how to set up a corresponding NAT rule.
NAT rules and Firewall rules work together to route traffic across the Edge Gateway. Both are necessary for normal traffic. GreenCloud support is always available for assistance troubleshooting NAT rule interactions.
Firewall Rule Example: Allow ICMP
This Firewall Rule explicitly allows ICMP traffic across to an internal server, which will enable ping traffic. Please note that ICMP ping response is also disabled by default on GreenCloud VMs, so it may be necessary to verify that ICMP is also on for the target server in order to successfully ping.
This rule will allow ping traffic to flow to the target internal IP from an external source.