All Products
Search

This Product

    Simple Application Server:Manage firewall templates

    Document Center

    Simple Application Server:Manage firewall templates

    Last Updated:Sep 09, 2024

    Simple Application Server supports the firewall template feature that provides multiple firewall rules. You can use a template to add a set of firewall rules to one or more simple application servers at a time. This improves the efficiency of configuring firewall rules. This topic describes how to create, modify, and delete a firewall template, and use a firewall template to configure firewall rules for simple application servers.

    Limits

    • You can create a maximum of 50 firewall templates in a region.

    • You can add a maximum of 50 firewall rules to a firewall template.

    • You can apply a maximum of 50 firewall rules to a simple application server.

    • You can apply a firewall template to a maximum of 10 simple application servers at a time.

    Create a firewall template

    1. Log on to the Simple Application Server console.

    2. In the left-side navigation pane, click Firewall Templates.

    3. On the Firewall Templates tab, click Create Template.

      Follow the on-screen instructions to configure the parameters. The following table describes the parameters.

      Parameter

      Description

      Name

      The name of the firewall template.

      Description

      Enter a description for the firewall template to facilitate subsequent management.

      Firewall rule

      Application Type

      The application type. Select an application type based on your business requirements.

      Protocol

      The protocol. Valid values: TCP, UDP, and ICMP.

      Note

      If you set the Protocol parameter to ICMP, you must set the Port Range parameter to -1 to enable all ports, which is equivalent to setting the Source IP Address parameter to the default value 0.0.0.0/0. This way, access from all source IPv4 addresses is allowed.

      Port Range

      The port range. Valid range: 1 to 65535. You can use one of the following methods to configure this parameter:

      • Specify a single port.

        Enter the port number that you want to enable. For example, if you want to allow traffic on MySQL listening port 3306, enter 3306 in the Port Range field.

      • Specify a port range.

        Use a forward slash (/) to separate the start port number and the end port number. For example, if you want to allow traffic over the port range 20000 to 30000 that you specify in the FTP configuration file, enter 20000/30000 in the Port Range field.

      Source IP Address

      The source IP addresses. The default value is 0.0.0.0/0, which specifies all IPv4 addresses.

      Important

      Configure IP addresses based on your requirements and follow the principle of least privilege to prevent network attacks on your server.

      Policy

      The policy of the firewall rule. This parameter is automatically set to Allow and cannot be changed.

      Remarks

      Enter remarks for the firewall rule.

      If you want to add multiple firewall rules to the firewall template, click Add Rule.

      The system provides common ports. You can click One-click Enable to enable common ports based on your business requirements.

      Note

      You can add a maximum of 50 firewall rules to a firewall template.

    4. Click Create Template.

      Note

      After you click One-click Enable, you must delete the empty firewall rule that is automatically displayed. Otherwise, the Create Template button is dimmed and cannot be used.

      image

      After you create a firewall template, you can use the firewall template to configure firewalls for simple application servers. For more information, see the "Configure firewall rules based on a firewall template" section of this topic.

    Modify a firewall template

    After you create a firewall template, you can add firewall rules to the firewall template, modify firewall rules in the firewall template, or delete firewall rules from the firewall template based on your business requirements. You can also apply firewall rules to simple application servers based on the firewall template.

    Note

    Modifying rules in a firewall template, adding rules to a template, or removing rules from a template does not affect the simple application servers to which the template is applied.

    1. Log on to the Simple Application Server console.

    2. In the left-side navigation pane, click Firewall Templates.

    3. On the Firewall Templates tab, click the ID of the firewall template that you want to modify.

    4. On the Rule List tab, add, modify, or delete firewall rules based on your business requirements.

      Add a firewall rule

      1. Click Add Rule.

      2. In the lower-left corner of the Add Rule panel, click Add Rule or One-click Enable.

      3. Configure the firewall rule based on your business requirements. For more information about firewall rule parameters, see the "Create a firewall template" section of this topic.

      4. Click Confirm.

      Modify a firewall rule

      1. Find the firewall rule that you want to modify. Click Modify Rule in the Actions column.

      2. In the Modify Rule dialog box, modify the source IP address, protocol, port range, and remarks of the firewall rule based on your business requirements.

      3. Click Confirm.

      4. In the Modify Rule message, The rule is modified is displayed. Click Close.

      Delete a firewall rule

      1. Find the firewall rule that you want to delete. Click Delete in the Actions column.

        You can also select the firewall rules that you want to delete and click Batch Delete in the lower-left corner of the rule list.

      2. In the Delete message, click Confirm.

      3. In the Delete message, x rules deleted is displayed. Click Close.

    Configure firewall rules based on a firewall template

    You can use a firewall template to configure firewall rules for one or more simple application servers. This improves your efficiency of configuring firewall rules.

    Important

    If the port range, protocol, and source IP address of a firewall rule in a firewall template are the same as the port range, protocol, and source IP address of an existing rule, the new rule overwrites the existing rule regardless of whether the existing rule is enabled.

    Apply a firewall template to a single simple application server

    1. Log on to the Simple Application Server console.

    2. In the left-side navigation pane, click Servers.

    3. Find the simple application server for which you want to configure firewall rules based on a firewall template, and click the server ID in the card of the server.

    4. Click the Firewall tab.

    5. In the upper-left corner of the Firewall tab, click Apply Firewall Template.

      image

    6. In the Apply Firewall Template dialog box, select the firewall template that you want to apply and click Apply Template.

    7. In the Apply Firewall Template dialog box, click View Execution Details.

      You are directed to the Template Utilization History tab of the Firewall Templates page. On this tab, you can view details about the firewall template.

    Apply a firewall template to multiple simple application servers

    1. Log on to the Simple Application Server console.

    2. In the left-side navigation pane, click Firewall Templates.

    3. On the Firewall Templates tab, find the firewall template that you want to apply and click Apply in the Actions column.

      image

    4. In the Apply dialog box, select the simple application servers to which you want to apply the firewall template.

      Note

      You can select a maximum of 10 simple application servers at a time.

    5. Click OK.

    6. In the Apply dialog box, click View Execution Details to view the application result of the firewall template.

      You can also view the application details of the firewall template on the Template Utilization History tab of the Firewall Templates page. For more information, see the "View the application history of a firewall template" section of this topic.

    View the application history of a firewall template

    Note

    Even if a firewall template is deleted, you can still view its application history.

    1. Log on to the Simple Application Server console.

    2. In the left-side navigation pane, click Firewall Templates.

    3. On the Firewall Templates page, click the Template Utilization History tab.

    4. In the firewall template application history list, view the template ID/name, servers to which the firewall template is applied, and the application task status and creation time of the firewall template.

    5. View the application details of the firewall template.

      1. In the firewall template application history list, find the firewall template and click View Details in the Actions column.

      2. In the Execution Details panel, view the execution result and execution content of the firewall template.

    Delete a firewall template

    Deleting a firewall template does not affect the firewall rules that have been applied to simple application servers. You can delete a firewall template that you no longer need.

    1. Log on to the Simple Application Server console.

    2. In the left-side navigation pane, click Firewall Templates.

    3. On the Firewall Templates tab, find the firewall template that you want to delete and click Delete in the Actions column.

    4. In the Delete message, click Confirm.

    References

    You can also configure firewall rules on the Firewall tab of a simple application server. For more information, see Manage the firewall of a simple application server.