Firewall
The Firewall page allows you to create access rules for your network.
To view the Firewall page, access the Harmony SASE Administrator Portal and click Private Access > Firewall.
|
Note - Contact your account manager to request firewall logging functionality. |
Use Case
-
Create rules for specific user groups, resources, and protocols. For example, deny access to the management user group to a certain resource if accessed through the Internet Control Message Protocol (ICMP).
-
Create a comprehensive rule for the entire network traffic. For example, block all traffic on a specific port.
Prerequisite
Define your network with IPSec or Harmony SASE Connector tunnel. See Adding a Tunnel.
Access Rules Order
The order of the rules indicate the sequence in which the system checks and applies the rules. For example, if a user tries to access a resource, then the system first checks if the traffic matches rule #1. If it does, it applies the rule. Otherwise, the system checks if the traffic matches rule #2, and so on. If none of the rules match, then the system applies the default rule.
Creating a Firewall Access Rule
-
Access the Harmony SASE Administrator Portal and click Networks.
-
Select the network for which you want to create firewall access rules.
-
Click and then click Firewall Rules.
The Firewall page appears.
-
Click Add Rule.
The system places the new rule at the top, and it is enabled by default.
-
In the Name field, enter a name that describes the rule.
-
From the Action list, select the action type:
-
Allow
-
Deny
-
-
In the Source field, click Add Source and select the traffic source for this rule.
-
In the Destination field, click Add Destination and select the traffic destination for this rule.
Note - The Source and Destination define the conditions for the Action to be applied to the traffic.
You can specify three types of objects in the Source and Destination fields:
-
Any - All traffic (any address or member).
-
Groups or Members - All traffic routed from/to a specific member or member group.
-
Addresses - Traffic routed from/to an FQDN, IP address, subnet, or list of IP addresses.
-
-
In the Service field, select one of these:
-
Any - Traffic routed on all protocols and ports.
-
Services - Traffic routed on a specific protocol or port.
-
-
Drag the rule and place it in required position in the order.
-
Click Apply Changes.
The Apply Changes window appears.
-
Click Apply.