Change the firewall settings.
The operation for setting up a firewall differs depending on whether a ruleset is used when an L-Platform that uses a firewall is deployed.
When an L-Platform that uses a firewall is deployed without the use of a ruleset
Click the [Setting] button to display the [Firewall setting] window.
This window enables you to set "DNAT setting" and "SNAPT setting" and to add, edit, and delete firewall rules. These settings operate the network device when the [Submit] button is clicked at the bottom right of the window.
When the firewall is to connect to the outside, first set the DNAT and SNAPT for public IP addresses. DNAT and SNAPT must be defined before you make Internet settings in the firewall rule settings. There is no need to set DNAT or SNAPT when there is not going to be a connection with the Internet.
The rules for accepting connections are defined in the firewall rule settings. The rule "FROM and TO: not specified, ID: 59900, Source, Source port, Destination, Destination port and Protocol: not specified, Action: Drop and Log: On" is the regular definition, so if no rules are defined, the firewall blocks all connections. When there are multiple firewall rules, the rules are applied in ascending order of ID value, so make the settings with this prioritization in mind.
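The effect of the ID ordering can be checked before [Submit] is clicked. The following Python sketch is an added example, not part of the product or its documentation: it evaluates a connection against a rule list in ascending ID order and reports rules that a lower-ID rule fully covers. It assumes that the first matching rule decides the connection (the text above states only the ordering), IPv4 addresses, and hypothetical names for the "Accept" action and the protocol values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    id: int
    src: str       # IPv4 CIDR, or "any" for "not specified"
    dst: str
    dport: object  # int or "any" (source port is always "any", so it is not modelled)
    proto: str     # "tcp"/"udp"/"any" (value names are assumptions)
    action: str    # "Drop" is from the page; "Accept" is an assumed name
    log: bool = False

# The regular definition described above: nothing specified, Drop, Log On.
DEFAULT = Rule(59900, "any", "any", "any", "any", "Drop", True)

def _net(value):
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value)

def covers(wide, narrow):
    """True if every connection matching `narrow` also matches `wide`."""
    return (_net(narrow.src).subnet_of(_net(wide.src))
            and _net(narrow.dst).subnet_of(_net(wide.dst))
            and wide.dport in ("any", narrow.dport)
            and wide.proto in ("any", narrow.proto))

def evaluate(rules, src, dst, dport, proto):
    """Return the first rule, in ascending ID order, matching one connection."""
    conn = Rule(0, f"{src}/32", f"{dst}/32", dport, proto, "")
    for rule in sorted([*rules, DEFAULT], key=lambda r: r.id):
        if covers(rule, conn):
            return rule

def shadowed(rules):
    """(earlier_id, later_id, actions_differ) for rules a lower ID fully covers."""
    ordered = sorted(rules, key=lambda r: r.id)
    return [(a.id, b.id, a.action != b.action)
            for i, a in enumerate(ordered) for b in ordered[i + 1:] if covers(a, b)]

# Constructed sample rule list (documentation address ranges).
RULES = [
    Rule(100, "any", "192.0.2.10/32", 443, "tcp", "Accept"),
    Rule(200, "198.51.100.0/24", "192.0.2.0/24", "any", "any", "Drop", True),
    Rule(300, "198.51.100.7/32", "192.0.2.10/32", 22, "tcp", "Accept"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "198.51.100.7", "192.0.2.10", 22, "tcp"))  # rule 200, not 300
    print(shadowed(RULES))
```

In the sample, rule 300 is never reached because rule 200 has the lower ID; giving the narrower rule the lower ID restores the intended behaviour.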
The following describes the settings in detail:
DNAT setting
You can set DNAT at the top left of the [Firewall setting] window.
The list shows IP addresses to be published. These are the IP addresses used by the L-Platform. From the list, select an IP address to be published and click the [Set] button. In the [DNAT setting] window that is displayed, specify the target. You can clear the setting at this point by selecting [It does not set it] or by selecting the IP address to be published in the [Firewall setting] window and clicking the [Clear] button.
SNAPT setting
You can set SNAPT at the top right of the [Firewall setting] window.
The drop-down menu to the left of the list stores the IP addresses to be published. These are the IP addresses used with the L-Platform. Click the [Add target] button. In the [Add SNAPT targets] window that is displayed, specify the target server for the IP address to be published that you selected in the drop-down menu. You can delete this setting by selecting the target in the [Firewall setting] window and clicking the [Clear] button.
Firewall rules
You can set firewall rules at the bottom of the [Firewall setting] window.
Click the [Add] button to start the [Add Firewall rule] wizard, and add firewall rules.
[Add Firewall rule] window
[Select direction] page
Specify the direction of the firewall rules. The drop-down menu lists the segment types in the segments on the L-Platform and the connection destinations of the L-Platform. Specify the direction of the firewall rules and click [Next] to display the [Rule setting] page.
[Rule setting] page
Set the details of the rule.
The table below explains the items.
Item | Explanation |
---|---|
ID | ID of the rule |
Source | Specify the source. |
Source port | The source port number for all rules will always be [any]. |
Destination | Specify the destination. |
Destination port | Specify the destination port number. |
Protocol | Specify a protocol. |
Action | Specify the method for processing connections that satisfy the rule conditions. |
Log | Specify whether to collect a log of connections that satisfy the rule conditions. |
After specifying the items, click the [Next] button to display the [Confirmation] page.
[Confirmation] page
Confirm the rule settings. The [OK] button adds the rule, but the settings are not sent to the network device until the [Submit] button is clicked in the [Firewall setting] window.
[Firewall rule edit] window
Select a rule from the list of firewall rules at the bottom of the [Firewall setting] window, and then click the [Edit] button. You can then edit the firewall rule. However, you cannot change the direction of the firewall rules during the editing process.
Firewall rule delete
Select a rule from the list of firewall rules at the bottom of the [Firewall setting] window and click the [Delete] button to delete the firewall rule.
Note
If the number of firewall rules is zero, the [Submit] button of the [Firewall setting] window is unavailable.
When an L-Platform that uses a firewall is deployed with the use of a ruleset
The firewall ruleset parameter values can be changed in the firewall settings.
Perform the following steps to change the firewall settings:
Display the [L-Platform Details] page
Refer to "5.3.2 L-Platform Detailed Information Display" for information on the display method.
Select the firewall, and then click the [Setting] button.
The [Firewall] page is displayed.
Selected ruleset: Displays the ruleset names.
Description: Displays the ruleset descriptions.
Segment/Server: The names of the segments or servers where the parameters are enabled are displayed. "-" is displayed for parameters that are unrelated to the segment or server.
Parameter: Displays the parameter names.
Description: Displays an explanation of the parameter.
Value: Enter the value to be set for the parameter.
Description of the selected parameter: The description of the parameter in the row being pointed at is displayed.
When the [Update] button is clicked, a confirmation message is displayed.
Click the [OK] button to save and apply the firewall settings.
Point
Firewall settings cannot be set by L-Platform subscription or L-Platform reconfiguration.
After an L-Platform is deployed, check the IP addresses of the servers included in the L-Platform and the port numbers used by the installed middleware. Then, set the allowed IP addresses and port numbers in the relevant ruleset parameters in the firewall settings.