Firewall

The Firewall page allows you to create access rules for your network.

To view the Firewall page, access the Harmony SASE Administrator Portal and click Private Access > Firewall.

Note - Contact your account manager to request firewall logging functionality.

Use Case

  • Create rules for specific user groups, resources, and protocols. For example, deny the management user group access to a certain resource over the Internet Control Message Protocol (ICMP).

  • Create a comprehensive rule for the entire network traffic. For example, block all traffic on a specific port.

Prerequisite

Define your network with an IPSec or Harmony SASE Connector tunnel. See Adding a Tunnel.

Access Rules Order

The order of the rules indicates the sequence in which the system checks and applies them. For example, when a user tries to access a resource, the system first checks whether the traffic matches rule #1. If it does, the system applies that rule. Otherwise, it checks whether the traffic matches rule #2, and so on. If none of the rules match, the system applies the default rule.
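
An added illustration (not Harmony SASE code or its API) of the first-match order described above, with a check for rules that an earlier, broader rule makes unreachable. The Rule fields, group names, addresses and the default action passed in are constructed assumptions; the page does not state what the default rule does.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"  # stands in for the "Any" object in Source, Destination and Service

@dataclass(frozen=True)
class Rule:              # simplified model of one access rule (assumption)
    name: str
    action: str          # "allow" or "deny"
    source: str          # ANY or a member group name
    destination: str     # ANY or a subnet in CIDR form
    service: str         # ANY or a protocol/port label such as "icmp" or "tcp/22"

def covers(outer, inner):
    """True if `outer` matches everything `inner` matches (groups, services)."""
    return outer == ANY or outer == inner

def dst_covers(outer, inner):
    """Same as covers(), but for subnets: inner must sit inside outer."""
    if outer == ANY or inner == ANY:
        return outer == ANY
    return ip_network(inner).subnet_of(ip_network(outer))

def evaluate(rules, group, dst_ip, service, default_action):
    """Check rules top to bottom; the first match decides, else the default rule."""
    for r in rules:
        dst_ok = r.destination == ANY or ip_address(dst_ip) in ip_network(r.destination)
        if covers(r.source, group) and dst_ok and covers(r.service, service):
            return r.action, r.name
    return default_action, "default"

def shadowed(rules):
    """List (rule, earlier_rule) pairs where earlier_rule fully covers rule,
    so rule can never be reached in first-match order."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (covers(earlier.source, later.source)
                    and dst_covers(earlier.destination, later.destination)
                    and covers(earlier.service, later.service)):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed rules: a broad allow sits above a specific deny.
RULES = [
    Rule("allow-internal", "allow", ANY, "10.0.0.0/8", ANY),
    Rule("deny-mgmt-icmp", "deny", "management", "10.0.5.10/32", "icmp"),
]
print(evaluate(RULES, "management", "10.0.5.10", "icmp", "deny"))
print(shadowed(RULES))
```

With the two rules in the opposite order, evaluate() returns the deny for the management group and shadowed() returns an empty list.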

Creating a Firewall Access Rule

  1. Access the Harmony SASE Administrator Portal and click Networks.

  2. Select the network for which you want to create firewall access rules.

  3. Click and then click Firewall Rules.

    The Firewall page appears.

  4. Click Add Rule.

    The system places the new rule at the top, and it is enabled by default.

  5. In the Name field, enter a name that describes the rule.

  6. From the Action list, select the action type:

    • Allow

    • Deny

  7. In the Source field, click Add Source and select the traffic source for this rule.

  8. In the Destination field, click Add Destination and select the traffic destination for this rule.

    Note - The Source and Destination define the conditions for the Action to be applied to the traffic.

    You can specify three types of objects in the Source and Destination fields:

    • Any - All traffic (any address or member).

    • Groups or Members - All traffic routed from/to a specific member or member group.

    • Addresses - Traffic routed from/to an FQDN, IP address, subnet, or list of IP addresses.

  9. In the Service field, select one of these:

    • Any - Traffic routed on all protocols and ports.

    • Services - Traffic routed on a specific protocol or port.

  10. Drag the rule and place it in the required position in the order.

  11. Click Apply Changes.

    The Apply Changes window appears.

  12. Click Apply.

Enabling or Disabling Firewall Logs

  1. Access the Harmony SASE Administrator Portal and go to Private Access > Firewall.

  2. For the network for which you want to enable or disable firewall logs, from the Logs list, select one of these:

    • On - Enable

    • Off - Disable