Distributed Cloud Firewall Field Reference
This table describes the fields to configure when creating a Distributed Cloud Firewall (DCF) rule.
| Field | Description | ||
|---|---|---|---|
Name |
Distributed Cloud Firewall rule name. |
||
Source Groups |
The SmartGroup(s) that originate traffic. You must create the SmartGroups before creating a DCF rule.
|
||
Destination Groups |
The Destination Group can be:
|
||
WebGroups |
Select the WebGroups that filter egress traffic. These groups must be created before creating a DCF rule. When you monitor/protect a VPC/VNet, WebGroups are created automatically based on the trusted domains. |
||
Protocol |
Select TCP, UDP, ICMP, or Any. If you select TCP or UDP you can enter a port number or port range. |
||
Ports |
Select the port that corresponds to the selected protocol. |
||
Action |
This determines the action to be taken on the traffic.
|
||
Logging |
If this slider is On, information related to the action (such as five-tuple, source/destination MAC address, etc.) is logged. After the rule is created you can enable or disable logging from the vertical ellipsis menu next to the rule.
|
||
Ensure TLS |
Turn On this slider if you want any traffic that is not TLS to be denied, even if the traffic matches the ports and Source and Destination Groups. Traffic is also denied (dropped) even if it is HTTP traffic that matches the domains in the WebGroups. |
||
Place Rule |
Select Above, Below, Top, Bottom, or Priority. |
||
Existing Rule |
If you select Above or Below (Place Rule), you must select the existing rule that is affected by the position of the new rule. |
||
Rule Priority |
If you selected Priority (Place Rule), enter a priority number for the new rule. If an existing rule already has that priority, it is bumped down in the list. Zero (0) is the highest priority number. You can change the rule priority after the rule is created (using the arrow icon next to that rule in the Rule table). |