Setting firewall rules for cloud servers

You can edit the default firewall rules for the primary and recovery servers in the cloud.

To edit the firewall rules of a server on your cloud site

  1. In the Cyber Protect console, go to Disaster Recovery> Servers.

  2. If you want to edit the firewall rules of a recovery server, click the Recovery servers tab. Alternatively, if you want to edit the firewall rules of a primary server, click the Primary servers tab.

  3. Click the server, and then click Edit.

  4. Click the Cloud firewall rules tab.

  5. If you want to change the default action for the inbound connections:

    1. In the Inbound drop-down field, select the default action.

      Action Description
      Deny all

      Denies any inbound traffic.

      You can add exceptions and allow traffic from specific IP addresses, protocols, and ports.
      Allow all

      Allows all inbound TCP and UDP traffic.

      You can add exceptions and deny traffic from specific IP addresses, protocols, and ports.

      Changing the default action invalidates and removes the configuration of existing inbound rules.

    2. If you want to save the existing exceptions, in the confirmation window, select Save filled-in exceptions.

    3. Click Confirm.

  6. If you want to add an exception:

    1. Click Add exception.

    2. Specify the firewall parameters.

      Firewall parameter Description
      Protocol

      Select the protocol for the connection. The following options are supported:

      • TCP

      • UDP

      • TCP+UDP

      Server port

      Select the ports to which the rule applies. You can specify the following:

      • a specific port number (for example, 2298)

      • a range of port numbers (for example, 6000-6700)

      • any port number. Use * if you want the rule to apply to any port number.
      Client IP address

      Select the IP addresses to which the rule applies. You can specify the following:

      • a specific IP address (for example, 192.168.0.0)

      • a range of IP addresses using the CIDR notation (for example, 192.168.0.0/24)

      • any IP address. Use * if you want the rule to apply to any IP address.

  7. If you want to remove an existing inbound exception, click the bin icon next to it.

  8. If you want to change the default action for the outbound connections:

    1. In the Outbound drop-down field, select the default action.

      Action Description
      Deny all

      Denies any outbound traffic.

      You can add exceptions and allow traffic to specific IP addresses, protocols, and ports.
      Allow all

      Allows all outbound traffic.

      You can add exceptions and deny traffic from specific IP addresses, protocols, and ports.

      Changing the default action invalidates and removes the configuration of existing outbound rules.

    2. If you want to save the existing exceptions, in the confirmation window, select Save filled-in exceptions.

    3. Click Confirm.

  9. If you want to add an exception:

    1. Click Add exception.

    2. Specify the firewall parameters.

      Firewall parameter Description
      Protocol

      Select the protocol for the connection. The following options are supported:

      • TCP

      • UDP

      • TCP+UDP

      Server port

      Select the ports to which the rule applies. You can specify the following:

      • a specific port number (for example, 2298)

      • a range of port numbers (for example, 6000-6700)

      • any port number. Use * if you want the rule to apply to any port number.
      Client IP address

      Select the IP addresses to which the rule applies. You can specify the following:

      • a specific IP address (for example, 192.168.0.0)

      • a range of IP addresses using the CIDR notation (for example, 192.168.0.0/24)

      • any IP address. Use * if you want the rule to apply to any IP address.

  10. If you want to remove an existing outbound exception, click the bin icon next to it.

  11. Click Save.