Firewall Services

Firewall Services are combinations of protocols (UDP, TCP, or ICMP) and Source / Destination Port Numbers (or ICMP type) that are used by certain programs and services.

Corente Cloud Services Exchange automatically provides the following predefined Firewall Services:

  • domain (for access to App Net Manager)

  • ftp (for file transferring)

  • gateway_viewer (for access to Gateway Viewer)

  • http (for web browsing)

  • https (for SSL-encrypted web browsing)

  • icmp (to test for connectivity and search for configuration errors in a network)

  • imap (for e-mail)

  • netbios (for file-sharing)

  • ntp (to synchronize the time on a computer to a server or reference time source over the application network)

  • pop3 (for e-mail)

  • smtp (for e-mail)

  • snmp (for monitoring Corente Services Gateways or network devices with SNMP)

  • ssh (for secure telnet)

  • telnet (to log into computers with telnet)

  • tftp (for improved FTP file transferring)

  • ldap (for authentication)

  • radius (for authentication)

  • syslog (for logging)

To view the Firewall Services that are currently defined in your domain, do the following:

  • Open the Firewall Services branch in the domain directory.

  • Click Firewall Services in the domain directory and view the table on the right side of the interface. This table lists the following:

    • Firewall Service: The name of each service

    • Default: Whether or not the service is a Default service

    • Rules: How many rules the service contains

To view the rules of an existing Firewall Service, open the Firewall Service in the domain directory or select the Firewall Service name in the table on the right side of the interface.

You can use the Edit or Delete buttons in the toolbar of App Net Manager to edit or delete an existing Firewall Service. You cannot edit or delete a default Firewall Service. Changes made to a Firewall Service will change the personality configuration of any Locations using that particular service.

If you delete a Firewall Service currently in use by any of your Locations, the Locations will no longer be able to use this service and the service will be deleted from the definitions of any existing Firewall Policies.

Add a New Firewall Service

If you are planning to share applications that require Firewall Services that differ from the default Firewall Services, you can define the rules of additional Firewall Services.

Note

Because Corente Cloud Services Exchange firewalls are stateful, you do not need to define Firewall Services for return traffic of any of the common protocols.

To create a new Firewall Service, make sure Firewall Services is selected in the domain directory and do one of the following:

  • Select the New button in the toolbar.

  • From the File menu, select Add Firewall Service.

  • Right-click Firewall Services in the domain directory and select Add Firewall Service.

A blank Add Firewall Service window is shown.

Complete the fields in this window as follows:

  • Firewall Service Name: Enter a name for your new Firewall Service. This name may contain up to 30 alphanumeric characters. Underscores are allowed, but do not use tabs, spaces, or punctuation marks when creating this name.

  • Firewall Service Rules: App Net Manager defines each set of protocols and port ranges in a Firewall Service as a rule. A single Firewall Service can contain multiple rules. This will occur if the program for which you are creating a Firewall Service operates over several different ranges of port numbers or uses several types of protocols. Each Firewall Service you create can be used in one or more Firewall Policies.

    The Firewall Service Rules table displays each rule by protocol type and either source and destination range or ICMP type. To edit an existing rule, select the rule and click the Edit button.

    To delete an existing rule, select the rule and click the Delete button.

    To add rules to your Firewall Service, click the Add button at the bottom of the window. The Add Firewall Service Rule window will be displayed.

On this window, complete each of the following fields:

  • Protocol: Choose the type of protocol from the following list of options: TCP, UDP, and ICMP. This designates the type of packet that will be entering and exiting the ports. The protocol you choose in this menu will determine what other options on this screen are enabled.

    When TCP or UDP is selected, the following options are enabled:

    • Source Port Range specifies ports in the range from 1 to 65534. Select Any to allow all ports.

    • Destination Port Range specifies a range of up to 15 ports.

    When ICMP is selected, the adjoining menu is enabled:

    • ICMP Type: Select the type of ICMP from this pull down menu. You can choose from Any, 0 (Echo Reply), 3 (Dest Unreachable), 4 (SRC Quench), 5 (Redirect), 8 (Echo Request), 9 (Router Adv), 10 (Router Sol), 11 (Time Exceeded), 12 (Param Problem), 13 (Timestamp Req), 14 (Timestamp Rep), 15 (Info Req), 16 (Info Rep), 17 (Addr Mask Req), and 18 (Addr Mask Rep).

    After you have completed these fields, click OK to add this rule to your Firewall Service or Cancel to close the window without saving your selections. You can add as many rules to a Firewall Service as you would like using this procedure.

When you have completed the entire definition of your new Firewall Service, click OK to store your changes or Cancel to close the window without storing. Your new Firewall Service will now appear in the domain directory and on the table on the right side of the screen.

Note that you must save your changes in order for your additions to take effect.
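
A planned Firewall Service can be checked against the limits stated above (name format, protocol choice, port ranges, ICMP types) before it is entered in App Net Manager. The following Python validator is an added example, not part of the Corente documentation or product. The dict layout, the function names, the ASCII-only name check, the required destination range and the reuse of the 1 to 65534 bounds for destination ports are assumptions of this example.

```python
import re

# Limits below come from the page; the dict/tuple layout is this example's own.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,30}")       # ASCII alphanumerics assumed
PORT_MIN, PORT_MAX = 1, 65534                      # stated for the source range
MAX_DEST_PORTS = 15                                # "a range of up to 15 ports"
ICMP_TYPES = {0, 3, 4, 5, 8} | set(range(9, 19))   # types offered in the menu

def check_range(label, rng, errors, max_ports=None):
    lo, hi = rng
    if not PORT_MIN <= lo <= hi <= PORT_MAX:
        errors.append(f"{label} {lo}-{hi} is not within {PORT_MIN}-{PORT_MAX}")
    elif max_ports and hi - lo + 1 > max_ports:
        errors.append(f"{label} {lo}-{hi} covers more than {max_ports} ports")

def validate_service(name, rules):
    """Return a list of problems; an empty list means the plan fits the limits."""
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append(f"name {name!r} must be 1-30 letters, digits or underscores")
    for n, rule in enumerate(rules, 1):
        proto = rule.get("protocol")
        if proto in ("TCP", "UDP"):
            if rule.get("source", "Any") != "Any":   # Any allows all source ports
                check_range(f"rule {n} source", rule["source"], errors)
            if "destination" not in rule:            # assumed to be required
                errors.append(f"rule {n} has no destination range")
            else:
                check_range(f"rule {n} destination", rule["destination"],
                            errors, MAX_DEST_PORTS)
        elif proto == "ICMP":
            if rule.get("icmp_type", "Any") not in ICMP_TYPES | {"Any"}:
                errors.append(f"rule {n} ICMP type {rule['icmp_type']} is not in the menu")
        else:
            errors.append(f"rule {n} protocol {proto!r} is not TCP, UDP or ICMP")
    return errors

# Constructed sample plans (not real services).
GOOD = [{"protocol": "TCP", "destination": (5060, 5061)},
        {"protocol": "UDP", "source": (1024, 65534), "destination": (10000, 10014)},
        {"protocol": "ICMP", "icmp_type": 8}]
BAD = [{"protocol": "UDP", "destination": (10000, 10020)},   # 21 ports, too wide
       {"protocol": "TCP", "source": (0, 1023), "destination": (443, 443)},
       {"protocol": "ICMP", "icmp_type": 30},
       {"protocol": "GRE"}]

if __name__ == "__main__":
    print(validate_service("voip_app", GOOD), validate_service("voip app!", BAD))
```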