Abiquo 5.1
Introduction to Firewalls

This section describes firewall policies, which are similar to security groups. The platform supports firewall policies in private cloud with network managers (NSX) and in public cloud (AWS, Azure). In Oracle Cloud, the platform enables users to onboard classic firewalls and assign them to VMs. In vCloud Director, the platform also supports classic firewalls, which are Edge firewalls at the level of the public cloud region (orgVDC). See Manage classic firewalls.

Synchronize firewall policies with the cloud provider

To synchronize firewalls do these steps:

To synchronize a firewall before you add new firewall rules:

Create a firewall policy

The platform can create firewall policies in virtual datacenters in the provider, or in the platform only, for later use in providers, depending on provider support.

Privilege: Manage firewall

To create a new firewall, do these steps:

Field | Description
Name | Name of the firewall policy.
Description | Description of the firewall policy.
Location | Public cloud region or datacenter
Virtual datacenter |
Default | Optional. Select to make the firewall the default for the virtual datacenter.

If you entered a virtual datacenter, the platform created your firewall in the provider. The platform will display a Provider-ID and a Virtual datacenter ID for the firewall.

If you selected No virtual datacenter, the firewall will be created in the platform in the public cloud region for your enterprise. The synchronize process will not update this firewall. The platform will not create it in the provider until you select a virtual datacenter.

Set a firewall policy as the default for a virtual datacenter

Privilege: Manage default firewall

To set or unset a default firewall for a virtual datacenter:

When the user creates a VM, the platform will assign the default firewall. The firewall rules apply to VMs, not individual NICs on the VMs. Changes to the firewall ruleset will apply to every VM in the virtual datacenter with the default firewall.

If you do not set a default firewall but the provider requires one, for example, AWS, the platform will set the provider's default firewall. In AWS the default firewall is not marked.

Edit a firewall policy

To edit a firewall policy:

Field | Description
Name | Name of the firewall policy. Some providers will not allow you to edit the name of the firewall policy.
Description | Description of the firewall policy.
Default | Select this option to set the firewall as the default. The platform will assign the default firewall to new VMs.

Move a firewall policy to another virtual datacenter

To move a firewall to another virtual datacenter:

Edit firewall rules

To add a new firewall rule:

Edit firewall rules in AWS

Before you edit firewall rules in AWS, synchronize the firewall to update the rules because AWS will not allow you to create a rule that already exists in the security group.

Remember that it may take some time for firewall rules to propagate throughout AWS. Until the rules have propagated, the platform will not be able to detect them. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/query-api-troubleshooting.html#eventual-consistency

Delete firewall policy rules

To delete firewall rules, do these steps.

Display firewall policies

To display firewalls that exist in a virtual datacenter in the provider:

To display all firewalls in a location (public cloud region or datacenter), including those that only exist in the platform and not in the provider:

To filter firewalls, enter text in the Search box to search by the Name, Description, and Provider ID in the Firewalls list.

Assign a firewall policy to a VM

See Assign a firewall policy to a VM.

Delete a firewall policy

To delete a firewall policy:

Manage firewalls with the API

API Documentation: For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource, FirewallPoliciesResource.
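
The AWS restriction described under "Edit firewall rules in AWS" can be checked before new rules are submitted. The following is an added example, not part of the Abiquo documentation or product code, that compares proposed rules against a freshly synchronized rule set. It assumes the rules are in the IpPermissions shape returned by the EC2 DescribeSecurityGroups call; the function names, the sample data and the CIDR canonicalisation are constructed for illustration.

```python
import ipaddress

def canonical_source(source):
    """Canonical text form of a CIDR; non-CIDR sources (group IDs) pass through."""
    try:
        # Assumption of this example: host bits are masked off before comparing.
        return str(ipaddress.ip_network(source, strict=False))
    except ValueError:
        return source

def flatten_permissions(ip_permissions):
    """Expand IpPermissions entries into (protocol, from, to, source) tuples."""
    rules = set()
    for perm in ip_permissions:
        # Protocol "-1" means all traffic and carries no port range.
        head = (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"))
        for r in perm.get("IpRanges", []):
            rules.add(head + (canonical_source(r["CidrIp"]),))
        for r in perm.get("Ipv6Ranges", []):
            rules.add(head + (canonical_source(r["CidrIpv6"]),))
        for g in perm.get("UserIdGroupPairs", []):
            rules.add(head + (g["GroupId"],))
    return rules

def plan_rules(synced_permissions, proposed):
    """Split proposed rules into those safe to create and those already present."""
    existing = flatten_permissions(synced_permissions)
    to_create, duplicates = [], []
    for proto, from_port, to_port, source in proposed:
        rule = (proto, from_port, to_port, canonical_source(source))
        (duplicates if rule in existing else to_create).append(rule)
        existing.add(rule)  # also catches repeats inside the proposed batch
    return to_create, duplicates

# Constructed sample: rule set as it would look right after a synchronize.
SYNCED = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
]
# Constructed sample: rules an operator wants to add.
PROPOSED = [
    ("tcp", 22, 22, "203.0.113.0/24"),
    ("tcp", 443, 443, "0:0:0:0:0:0:0:0/0"),
    ("tcp", 8443, 8443, "198.51.100.0/24"),
    ("-1", None, None, "sg-0123456789abcdef0"),
    ("tcp", 8443, 8443, "198.51.100.0/24"),
]
```

Because of the propagation delay noted above, the synchronized rule set can lag behind recent changes, so a rule reported as safe to create may still be rejected by AWS as a duplicate.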