Create/Edit Security Policy

Overview

Key Sections

Name

This field lets you give the policy a name that identifies the access pattern, for example:

  • Allow Access from Company Network

  • Deny Access from Country XYZ

  • Allow E-Mail Protocols

  • Allow RPC traffic

Allow/Deny

This section allows you to define rules that allow and deny network access based on the specified protocol, IP address range, and port range of the traffic origin.

  • Protocol: TCP, UDP. Leave empty for any protocol.

  • Source: An IP address or CIDR block of the traffic origin. Leave empty for any host.

  • Port range: A single port number or a colon-separated port range (START_PORT:END_PORT). Only valid port numbers 1-65535 are accepted. Leave empty for any port number.

Add new rules by clicking the green plus sign (+) on the right-hand side. You can remove individual rules from the policy by clicking the red minus sign (-) next to the rule row.
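
The field formats above can be checked before a rule is entered, and allow rules that rely on the "leave empty for any" defaults can be flagged for review. The following Python is an added example, not code from the product or its documentation; the function names, the rejection of reversed port ranges, and the masking of host bits in the source are assumptions.

```python
import ipaddress

PROTOCOLS = {"TCP", "UDP"}  # the two protocols the form lists

def parse_port_range(text):
    """Return (start, end), or None for an empty field (any port)."""
    text = text.strip()
    if not text:
        return None
    parts = text.split(":")
    if len(parts) > 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"expected PORT or START_PORT:END_PORT, got {text!r}")
    start, end = int(parts[0]), int(parts[-1])
    if not (1 <= start <= 65535 and 1 <= end <= 65535):
        raise ValueError(f"ports must be within 1-65535, got {text!r}")
    if start > end:  # assumption: a reversed range is treated as an input error
        raise ValueError(f"START_PORT exceeds END_PORT in {text!r}")
    return start, end

def parse_rule(action, protocol="", source="", ports=""):
    """Validate one rule row; empty fields become None, meaning 'any'."""
    action = action.strip().lower()
    if action not in ("allow", "deny"):
        raise ValueError(f"action must be allow or deny, got {action!r}")
    protocol = protocol.strip().upper()
    if protocol and protocol not in PROTOCOLS:
        raise ValueError(f"protocol must be TCP, UDP or empty, got {protocol!r}")
    source = source.strip()
    # assumption: host bits are masked off (203.0.113.7/24 -> 203.0.113.0/24)
    network = ipaddress.ip_network(source, strict=False) if source else None
    return {"action": action, "protocol": protocol or None,
            "source": network, "ports": parse_port_range(ports)}

def review_notes(rule):
    """List the fields on which an allow rule matches everything."""
    if rule["action"] != "allow":
        return []
    notes = []
    if rule["source"] is None or rule["source"].prefixlen == 0:
        notes.append("source: any host")
    if rule["ports"] is None or rule["ports"] == (1, 65535):
        notes.append("ports: any port")
    if rule["protocol"] is None:
        notes.append("protocol: any")
    return notes

if __name__ == "__main__":
    # Constructed sample rows, not taken from the product
    for row in [("allow", "TCP", "203.0.113.0/24", "443"), ("allow", "", "", "")]:
        print(row, "->", review_notes(parse_rule(*row)))
```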

Servers to apply this policy

This section specifies which servers in your cluster this policy applies to. All servers are selected by default, but you can choose to exclude specific servers from this policy.

Applying policies to servers

To apply the policies uniformly to the firewall configuration on the servers, navigate to the Server Security tab.
