Enabling the Distributed Cloud Firewall Feature

If you see a message on the Distributed Cloud Firewall page (Security > Distributed Cloud Firewall) that you require the Aviatrix Universal Subscription, in the cloud marketplace you must subscribe to and accept terms for the correct Aviatrix subscription. For more information on subscribing, see Aviatrix Licensing.

Take note of your Customer ID (license) for this offer.

If there is no pre-existing customer ID (you are a new user), you entered this customer ID when logging on to CoPilot. You do not need to reset the Customer ID on the License tab before enabling the feature.

If you have already subscribed to the Aviatrix Universal Subscription license, you do not need to subscribe again. You can just enable the feature from Configuration > Settings > License in CoPilot.

If you configured the ThreatIQ and/or Geoblocking features prior to Controller version 7.2.4820, in 7.2.4820 you automatically receive a free Distributed Cloud Firewall (DCF) license.

If you did not configure the ThreatIQ and/or Geoblocking features prior to Controller version 7.2.4820, you are expected to purchase a DCF license. This will include the ExternalGroup feature.

To enable the Distributed Cloud Firewall (DCF) feature:

  1. In CoPilot, go to Security > Distributed Cloud Firewall > Policy.

  1. Click Enable Distributed Cloud Firewall.

    300

  2. Click Begin Using Distributed Firewall.

    300

  3. On the Distributed Cloud Firewall message that displays, click Begin.

    300

The Rules tab now displays the rules in the system-defined V1 Policy List ruleset. You can add rules to the system-defined rulesets.

If desired, you can enable DCF from the Add-on Features area under Settings > Configuration > License, and then go to the Security > Distributed Cloud Firewall > Policy tab to begin using DCF.

Assuming that the Distributed Cloud Firewall add-on feature is enabled from the Settings > Configuration > License tab under Add-on Features, these Preview features are available:

  • Enforcement on PSF Gateways and/or Enforcement on External Connections. You must enable these features from the Security > Distributed Cloud Firewall > Settings tab. With these features, you can enforce DCF on PSF Gateways and/or External Connections.

  • DCF on Kubernetes Clusters from the Feature Previews list. To use this feature, you must enable it from the Discovery of Kubernetes Resources card on the Groups > Settings tab.