Firewall Rules

Warning: E-MetroTel AWS cloud instances are pre-configured with AWS security rules that minimize the exposure of the UCX software to the internet. Proceed with caution before activating and making changes to the UCX firewall: you may unintentionally restrict remote access to the Web-based Configuration Utility (https) and remote support (ssh and VPN) for you and E-MetroTel, and system data may be lost. Recovery from such a situation, if possible, is not covered by standard E-MetroTel support services and may incur charges for support.

The Firewall Rules page allows you to configure the firewall for your UCX system. When UCX is installed, there is a set of default firewall rules, which are not active.

Prior to activating the firewall, go to the Define Ports page and make sure the port numbers are up to date.

To activate the Firewall, perform the following steps:

  1. Open the UCX Web-based Configuration Utility
  2. From the Security tab, select Firewall
  3. From the left side column, select Firewall Rules
  4. Press the Activate Firewall button

Default Rules

The following diagram shows the default firewall rules for a newly installed R6.0 system. If your system was upgraded from a previous release, the existing rules are retained and the new R6.0 defaults will not be in the list.

Configuring Rules

Adding a Firewall Rule

To add a new firewall rule, perform the following steps:

  1. Open the UCX Web-based Configuration Utility
  2. From the Security tab, select Firewall
  3. From the left side column, select Firewall Rules
  4. If the firewall is not active, press the Activate Firewall button to activate it
  5. Press the New Rule button.
  6. Fill in all the fields
  7. Press the Save button to create the new rule
  8. New rules are displayed on the configuration page after you add them, but they are not yet activated on the system. To activate the new rules you created, press the Save Changes button

 

The Source and Destination IP fields must be entered in IP address format, and the mask field must be a number between 0 and 32. The value of the Source Address and Destination Address fields must be entered in the format aaa.bbb.ccc.ddd / n (CIDR notation).

When you set an IP address field to 0.0.0.0 (meaning "any value"), the mask is ignored.

To enter a specific IP address, the mask should be set to 0.

Modifying a Firewall Rule

To edit a rule, select the corresponding Paintbrush icon in the right column, make the desired changes to the rule, and press the Save button to save the changes.

To delete a rule, select the checkbox on the left side of the rule you want to delete, press the Delete button and confirm the action.
Note:
After deleting one or more rules, they are removed from the configuration page, but remain active on the system. For the change to take effect, you have to press the Save Changes button to apply the changes to the system.

To change the order of rules, select the Up or Down arrow icon under the Order column. To move a rule up 1 position in the list, select the Up arrow. To move the rule down 1 position in the list, select the Down arrow. Changes to the order of rules are immediately applied.
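
The following Python check is an added example, not part of E-MetroTel's documentation or software. It applies the address rules described above to a constructed rule list and reports which management services a given admin address would lose. The rule field names, first-match evaluation in list order, treating unmatched traffic as blocked, and ports 443 and 22 are assumptions; confirm the real ports on the Define Ports page.

```python
import ipaddress

# Constructed sample rules in list order. The field names are hypothetical,
# not the UCX rule form; addresses are documentation ranges.
RULES = [
    {"src": "203.0.113.10 / 0", "proto": "tcp", "port": 443, "action": "ACCEPT"},
    {"src": "198.51.100.0 / 24", "proto": "tcp", "port": 22, "action": "ACCEPT"},
    {"src": "0.0.0.0 / 0", "proto": "tcp", "port": 22, "action": "DROP"},
    {"src": "0.0.0.0 / 0", "proto": "udp", "port": 5060, "action": "ACCEPT"},
]
# Assumed management ports; confirm the real values on the Define Ports page.
MGMT = {"https": ("tcp", 443), "ssh": ("tcp", 22)}


def parse_address(field):
    """Parse 'aaa.bbb.ccc.ddd / n'; return None for 'any', else a network."""
    addr_text, sep, mask_text = field.partition("/")
    if not sep:
        raise ValueError(f"missing mask in {field!r}")
    addr = ipaddress.IPv4Address(addr_text.strip())
    mask = int(mask_text.strip())
    if not 0 <= mask <= 32:
        raise ValueError(f"mask out of range in {field!r}")
    if int(addr) == 0:
        return None  # 0.0.0.0 means any value; the mask is ignored
    if mask == 0:
        mask = 32  # per the page, a specific address is entered with mask 0
    return ipaddress.IPv4Network((addr, mask), strict=False)


def first_match(rules, src_ip, proto, port):
    """Return (position, action) of the first matching rule (assumed semantics)."""
    ip = ipaddress.IPv4Address(src_ip)
    for position, rule in enumerate(rules, start=1):
        net = parse_address(rule["src"])
        if (net is None or ip in net) and (rule["proto"], rule["port"]) == (proto, port):
            return position, rule["action"]
    return None, None


def blocked_services(rules, admin_ip, services=MGMT):
    """List management services the admin address would not be allowed to reach."""
    blocked = []
    for name, (proto, port) in services.items():
        _, action = first_match(rules, admin_ip, proto, port)
        if action != "ACCEPT":  # unmatched traffic is treated as blocked
            blocked.append(name)
    return blocked
```

Run it against the rule list you intend to apply before pressing Save Changes; an empty result means the admin address keeps both https and ssh under the stated assumptions.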