SmartGroup Use Cases
The following are examples of how to use SmartGroups in Distributed Cloud Firewall (DCF) policies.
SmartGroups Use Case 1
Alex creates three SmartGroups:
-
Smart Group 1 = Data_Analytics
-
Smart Group 2 = Customer_Relationships
-
Smart Group 3 = Public CIDR of Hosted Cloud_Service
Alex has the following business objectives:
-
Allow Data Analytics and Customer Relationships to communicate with the Cloud Service on port 443.
-
Deny all traffic between Data Analytics and Customer Relationships.
To achieve Distributed Cloud Firewall (DCF) objectives, Alex does the following in CoPilot Home > Security > Distributed Cloud Firewall:
-
Builds firewalling policies that allow traffic from Smart Group 1 and 2 to communicate on port 443 with Smart Group 3.
-
Creates a Deny All Policy for Smart Group 1 to communicate with Smart Group 2. Note that after a SmartGroup is part of a policy, all traffic for that SmartGroup is denied unless explicitly allowed by DCF rules.
SmartGroup Use Case 2 (External Connection)
-
Create a SmartGroup for RS1 (Remote Site 1).
-
Create a SmartGroup for RS2 (Remote Site 2).
-
Create a DCF rule to allow traffic from RS1 to VPC2.
-
Create a DCF rule to deny traffic from RS2 to VPC2.
-
Create a DCF Egress rule to allow specific web domains from RS1 to the Internet.
-
Create a DCF rule to allow TCP/22 traffic from VPC1 to RS2.