Virtual firewalls

A virtual firewall is a software-based or combined software-hardware solution that monitors network packets and blocks or allows their transmission. When filtering traffic, a virtual firewall relies on predefined parameters, commonly referred to as firewall rules or security groups.

A security group is a set of configurable rules that allow traffic and that can be assigned to the ports of virtual servers.

Each client has a default security group in every region, and it allows all traffic in any direction. Network traffic passing through the firewall is matched against the rules to determine whether it should be allowed or denied.

Creating a security group

To create a security group:

  1. In the Control panel, go to the CloudFirewalls section and click Create.

  2. Enter a name for the security group. Latin letters, numbers, and symbols are allowed.

  3. Select the region where the security group will be created.

    The firewall will be available in all zones within the selected region.

    The following regions are available:

    • Warsaw, Poland

    • Miami, USA

    • Dallas, USA

    • San Francisco, USA

    • Manila, Philippines

    • Almaty, Kazakhstan

  4. In the Description section, you can add a note describing the purpose of the security group.

  5. Click Create security group.

Editing a security group

To edit a security group:

  1. In the Control panel, go to the CloudFirewalls section.

  2. Click More for the selected group.

  3. The security group details page will open, where you can:

    • Change the security group name.

    • Add a rule to the rules table.

    • Attach the group to servers.

  4. When a security group is created, two egress rules for IPv4 and IPv6 are added by default, allowing all ports and protocols for outbound traffic. If necessary, any rule can be deleted by clicking the trash icon.

  5. To add a new rule, click Add rule:

    • Select the traffic direction: ingress (inbound) or egress (outbound).

    • Specify the traffic type: IPv4 or IPv6.

    • Select the protocol: ICMP, TCP, UDP, or any.

      If TCP or UDP is selected, you can specify a single port, a port range, or allow all ports.

      If ICMP is selected, you can specify its Type and Code, or leave these fields blank.

    • Configure the address for which the selected traffic type will be allowed.

      You can specify a network address in CIDR format or select a security group. In the latter case, traffic from servers that belong to the selected group will be allowed.

  6. To add the rule, click Save rule.

  7. Attach the created security group to a server by clicking Connect in the Connection with servers section. Then select the required server from the list of servers in the region and click Connect.
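
The rule fields from step 5, modelled as an added Python example (not the provider's code or API), showing how the default allow-all group differs from a group with narrow ingress rules. It assumes that traffic matching no rule is denied, since groups hold allow rules only; `Rule`, `allowed`, `world_open_ingress` and all addresses are constructed for illustration, and ICMP Type/Code and group-based sources are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One allow rule with the fields of the Add rule form (hypothetical model)."""
    direction: str                           # "ingress" or "egress"
    ethertype: str                           # "IPv4" or "IPv6"
    protocol: str = "any"                    # "ICMP", "TCP", "UDP" or "any"
    ports: Optional[Tuple[int, int]] = None  # (min, max); None means all ports
    cidr: Optional[str] = None               # remote network; None means any address

    def matches(self, direction, protocol, remote_ip, port=None):
        ip = ip_address(remote_ip)
        if direction != self.direction or f"IPv{ip.version}" != self.ethertype:
            return False
        if self.protocol != "any" and protocol != self.protocol:
            return False
        # Port limits only apply to TCP and UDP rules.
        if self.ports and self.protocol in ("TCP", "UDP"):
            if port is None or not self.ports[0] <= port <= self.ports[1]:
                return False
        return self.cidr is None or ip in ip_network(self.cidr)


def allowed(rules, direction, protocol, remote_ip, port=None):
    """Assumption: allow rules only, so traffic matching no rule is denied."""
    return any(r.matches(direction, protocol, remote_ip, port) for r in rules)


def world_open_ingress(rules):
    """Audit helper: ingress rules that accept any source address."""
    return [r for r in rules if r.direction == "ingress"
            and (r.cidr is None or ip_network(r.cidr).prefixlen == 0)]


# Constructed groups. The default group allows all traffic in any direction.
DEFAULT_GROUP = [Rule(d, e) for d in ("ingress", "egress") for e in ("IPv4", "IPv6")]
# A new group starts with two allow-all egress rules; ingress rules are added.
HARDENED_GROUP = [
    Rule("egress", "IPv4"), Rule("egress", "IPv6"),
    Rule("ingress", "IPv4", "TCP", (22, 22), "198.51.100.0/24"),  # SSH, admin net
    Rule("ingress", "IPv4", "TCP", (443, 443), "0.0.0.0/0"),      # public HTTPS
]
```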