Firewall settings

The integrated firewall lets you easily define and apply policies to the VPN traffic. This improves security and reduces traffic between Runtime and the UBIQUITY Tools. A firewall policy must be configured before it can be applied. UBIQUITY features a rich predefined policy library that is available and maintained at server level and can be imported through the domain.

A firewall policy includes a set of firewall rules that may come as a pre-set configuration or can be set up as needed.

You can activate a specific pre-set firewall policy for a domain, a subdomain (a folder) or a device.

  1. Access UBIQUITY Manager and the Domain view section.
  2. Click on the Add resource (circled plus icon) next to the folder or device for which you wish to activate a firewall.
  3. You can create or import firewall rules, depending on whether you wish to create a policy by customizing rules or use an existing set of rules.
    1. To import a firewall policy from the UBIQUITY Manager server, click on the circled plus icon next to a folder or a device and select Import firewall policy.
      1. Select the firewall policy that you wish to associate with your folder or device.
        Note: Child folders inherit the firewall policy assigned to their parent folder.
    2. To create a firewall policy, click on the circled plus icon next to a folder or a device and select Create firewall policy. Then, name the firewall policy and set firewall rules as needed.
Tip:

You can also associate a firewall policy with a folder or device by selecting the folder or device in the left pane of the Domain view section and expanding the Firewall pane on the right. Associate a firewall policy by clicking on the circled plus icon.

In this section, you can also Allow or Deny any transactions coming from inherited firewall policies.

Firewall policy transactions are set to Allow by default, so you should set any of them to Deny as needed. To enhance safety, you can set all firewall policy transactions to Deny instead, and set to Allow only specific protocols and IP addresses.

The firewall policies applied to a folder are inherited by the devices stored therein. Flag the Do not inherit Firewall policies entry in the firewall section on the right pane to avoid inheritance of the policies associated with the parent folder.

You can access any firewall policies assigned to a device or a folder by expanding the lines next to the shield symbol in the left pane of the Domain view section. Click on each firewall policy to see the related firewall rules in the Firewall Rules pane on the right.

Note: You can create new firewall rules, edit imported or newly created ones, or delete them by clicking on the circled plus, pencil and bin icons, respectively, located at the top of the Firewall Rules pane on the right.

Firewall custom policy

To define a firewall custom policy:

  1. Access UBIQUITY Manager and the Domain view section.
  2. Select the folder for which you wish to define a firewall policy.
  3. Click on the Add resource button and select Create firewall policy. Enter the firewall policy name, then select Save.
  4. Click on Firewall on the right pane and select the circled plus icon to open Associate firewall policy.
  5. Select the newly created firewall policy.
  6. Define User account or Group and set to Allow or Deny.
  7. The policy shows up on the left pane, as a child of the folder that was initially selected. Select it and select Firewall Rules on the right pane.
  8. Select the circled plus button; Create firewall rule shows up.
  9. Select the MAC Address and the Ethernet Type from the drop-down menu.

The VPN supports data-link layer virtualization, so this integrated firewall allows you to define policies operating on several Ethernet packets that are sequentially verified.
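
The following added example (not UBIQUITY code, and not taken from the product) models why the default transaction setting matters for rules keyed on MAC Address and Ethernet Type. It assumes rules are checked in order with the first match deciding, and that the MAC address is the frame's source address; the names Rule, evaluate and passed_by_default_only and all sample values are constructed for illustration.

```python
# Added illustration: a simplified model, not UBIQUITY's rule engine.
from dataclasses import dataclass
from typing import Optional

IPV4, ARP, IPV6 = 0x0800, 0x0806, 0x86DD   # standard EtherType values


@dataclass(frozen=True)
class Rule:
    action: str                       # "Allow" or "Deny"
    mac: Optional[str] = None         # source MAC to match (assumed); None = any
    ethertype: Optional[int] = None   # Ethernet Type to match; None = any

    def matches(self, src_mac: str, ethertype: int) -> bool:
        return ((self.mac is None or self.mac.lower() == src_mac.lower())
                and (self.ethertype is None or self.ethertype == ethertype))


def evaluate(rules, default_action, src_mac, ethertype):
    """Check rules in order; the first match decides (assumed), else the default."""
    for rule in rules:
        if rule.matches(src_mac, ethertype):
            return rule.action
    return default_action


def passed_by_default_only(rules, default_action, frames):
    """Frames that no rule mentions but that still get through via the default."""
    return [f for f in frames
            if not any(r.matches(*f) for r in rules)
            and evaluate(rules, default_action, *f) == "Allow"]


# Constructed sample data (locally administered MAC addresses).
ENGINEERING_PC = "02:00:00:00:00:01"
UNKNOWN_HOST = "02:00:00:00:00:99"
RULES = [
    Rule("Allow", mac=ENGINEERING_PC, ethertype=IPV4),
    Rule("Allow", ethertype=ARP),
]
FRAMES = [
    (ENGINEERING_PC, IPV4),
    (UNKNOWN_HOST, IPV4),
    (UNKNOWN_HOST, IPV6),
    (ENGINEERING_PC, ARP),
]

if __name__ == "__main__":
    for default in ("Allow", "Deny"):
        verdicts = [evaluate(RULES, default, *f) for f in FRAMES]
        leaked = passed_by_default_only(RULES, default, FRAMES)
        print(f"default={default}: {verdicts}; passed by default only: {leaked}")
```

With the default left at Allow, the two frames from the unlisted host pass although no rule mentions them; with the default set to Deny, only the explicitly allowed traffic gets through.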