Managing Distributed Cloud Firewall Rulesets
You must upgrade to Controller version 8.0 to use DCF rulesets.
After creating your rulesets, you can manage them by:
- Changing their priority
- Resetting the traffic count for specific rulesets, if you want to see what new traffic is coming in for the rules within a ruleset.
Initial Rulesets
Two rulesets are initially available when you start using the Rulesets feature:
- Post Rules Policy List: System-based ruleset that contains the DefaultDenyAll Rule. You cannot delete this ruleset or the DefaultDenyAll Rule. This ruleset is executed last in the ruleset list.
- V1 Policy List: Ruleset added by Aviatrix. You can add rules to this ruleset, but you cannot delete it. This ruleset contains the Greenfield Rule, which you can modify or delete as needed.
If you configured any DCF rules before upgrading to Controller 8.0, they are added to the V1 Policy List ruleset. If for some reason the V1 Policy List has been deleted, the Pre-Existing Rules List ruleset is created and the Greenfield Rule is added to that ruleset.
Changing Ruleset Priority
To change ruleset priority:
- On the Security > Distributed Cloud Firewall > Policies tab, click Manage Rulesets. The Manage Rulesets dialog displays.
- To change a ruleset’s priority, click the up/down arrow icon next to a ruleset in the list.
- In the Move Rulesets popup, select where to move the ruleset:
  - Above: Move above an existing rule
  - Below: Move below an existing rule
  - To Top: Move to the top of the ruleset list
  - To Bottom: Move to the bottom of the ruleset list
  - Priority: Assign a Priority Number to the ruleset
- Click Save Draft.
- In the Manage Rulesets dialog, click Commit if you want to commit the change.