Manage IP Addresses

In this section of the CloudGuard portal, you can see the IP addresses allocated to your cloud resources and which rules (security groups) reference or affect them. This includes internal and external (elastic) IP addresses. In addition, you can label addresses and classify them based on their logical location in the network (external, internal, DMZ). You see these labels and classifications when you view your VPC with the Configuration Explorer (see Configuration Explorer).

You can configure lists of IP addresses. You can apply a Security GroupClosed A set of access control rules that acts as a virtual firewall for your virtual machine instances to control incoming and outgoing traffic. policy to the list as an alternative to applying it to each IP address.

Benefits

In the portal, you can see all your IP addresses at a glance and see the rules that reference each address.

When you attach a label to an address, you make it easier to identify in the Configuration Explorer.

Similarly, you can easily group addresses into lists from the portal and apply security policies on lists. This is a simple way to apply policies and decrease possible errors.

Use Cases

Typical use cases for IP addresses management from the CloudGuard portal are:

  • Identify IP addresses used in a VPC or find to which VPC an address is related, see View IP addresses

  • Associate IP addresses with a list, see Define IP Lists

  • Review the security rules associated with an IP address or group of addresses, see Define IP Lists

Actions

You can see a list of all your IP addresses across all platforms and environments and details for a selected address.

  1. Go to Network Security > select IP Address. A list of all IP addresses shows for all your VPCs on each of your environments.

  2. To show more details, click an IP Address.

CloudGuard classifies IP addresses as Internal (to the VGC network), External (access from the Internet through an Internet gateway), or DMZ (partial access). This classification is shown in the Configuration Explorer for your VGC network (seeConfiguration Explorer). You can classify each of your IP addresses.

  1. Select an IP address from the list, to open the details view for it.

  2. Click Classify IP.

  3. In the window, enter a name for the address that appears later from the list and in the Configuration Explorer and select a classification.

  4. If the address already has a classification, click Edit Classification to change it or Delete Classification to delete it.

    In the Configuration Explorer with your VPC, you can see the IP address in the selected classification with the assigned name.

IP lists are groups of IP addresses. You can apply a security group (rule) to an IP list as an alternative to applying the rule to each IP address.

  1. Go to Network Security > select IP Lists. A list of all IP Lists shows.

  2. To add a new list, click Add. Or select one of the lists shown on the left to show a list of the IP addresses included in it (on the right).

  3. Enter new IP addresses in the box, and click Add. When done, click Save.

  4. Click Delete to remove IP addresses from a list.

    Click Delete IP List to delete a list. This deletes the list but not the IP addresses.