The page has been translated by Gen AI.

How-to guides

The user can enter the required information for the Firewall service through the Samsung Cloud Platform Console, select detailed options, and create the service.

Firewall Create

You can create and use the Firewall service from the Samsung Cloud Platform Console.

Notice

Firewall service must be enabled in the prerequisite service of Networking to be created. An enabled Firewall can be seen in the Firewall list.

  • Firewall cannot be created independently as a new entity like other services of the Samsung Cloud Platform Console.

To set up the firewall, follow the steps below.

  1. All Services > Networking > Firewall Click the menu. Go to the Firewall’s Service Home page.

  2. Click the preceding service to be created on the Service Home page. You will be taken to the service creation page.

    • Create VPC: Enable the Internet Gateway and Transit Gateway firewall of the VPC service.
      • When creating the VPC’s Internet Gateway service, set the Firewall usage item to enabled. For detailed explanation, refer to Create Internet Gateway.
      • Create the VPC’s Transit Gateway service and apply for the Uplink Firewall’s linked service. For detailed instructions, refer to Create Transit Gateway.
    • Direct Connet Creation: When creating a Direct Connet service, set the Firewall Use item to Enabled. For detailed instructions, see Create Direct Connect.
    • Load Balancer creation: When creating a Load Balancer service, set the Firewall usage item to enabled. For detailed description, refer to Load Balancer creation.

  3. When the prerequisite service creation is completed, check whether the corresponding Firewall resource is displayed in the Firewall list.

Firewall Check detailed information

The Firewall service can view and edit the full resource list and detailed information in the resource management menu.

To view detailed firewall information, follow the steps below.

  1. All Services > Networking > Firewall Click the menu. Go to the Firewall’s Service Home page.
  2. Service Home on the page, click Firewall list. Firewall list page will be opened.
    • Firewall list On the page, you can see the information below.
      CategoryDetailed description
      Firewall nameFirewall pre-service type automatically generated in Firewall format
      Firewall classificationFirewall preceding service type (Internet Gateway, Direct Connect, Load Balancer)
      SizeUser-selected Firewall size
      VPC nameVPC name connected to Firewall
      Connection NameAutomatically generated in the format of preceding service name_Firewall using Firewall
      Number of rulesNumber of rules used in the firewall
      UsageWhether Firewall is used (enabled) or not used (disabled)
      • If not used, the Any Allow rule is applied and no charges are incurred for the Firewall
      StatusFirewall status display
      • Click the More button to set On/Off
      Table. Firewall resource list items
  3. Firewall List Click the resource to view detailed information on the page. Firewall Detail You will be taken to the page.
  • Firewall Details page displays status information and additional feature information, and consists of Details, Rules, Tags, Activity History tabs.
    CategoryDetailed description
    Service statusFirewall status display
    • Creating: Creating
    • Active: Active
    • Editing: Editing
    • Deploying: Deploying
    • Deleting: Deleting
    • Error: Error
    Table. Firewall status information

Detailed Information

You can view detailed information of the selected resource from the Firewall list and, if necessary, edit the information.

CategoryDetailed description
ServiceService Name
Resource TypeResource Type
SRNUnique resource ID in Samsung Cloud Platform
Resource NameResource Name
Resource IDService’s unique resource ID
CreatorUser who created the service
Creation TimeService Creation Time
EditorUser who modified the service information
Modification Date/TimeDate/Time when service information was modified
Firewall nameAutomatically generated as resource name_Firewall_connection name
Firewall IDservice’s unique resource ID
Firewall classificationFirewall preceding service type(Internet Gateway, Direct Connect, Load Balancer)
SizeFirewall size selected by the user
  • Click the Edit icon to change the settings
Firewall Rule count/QuotaRule quota and number of rules in use for the firewall
VPC nameVPC name connected to Firewall
VPC IDVPC ID connected to firewall
Connection NameFirewall Preceding Service Name_Automatically generated as Firewall
Log storage statusFirewall log storage status
  • Use: Save logs
  • Not used: Do not save logs
  • Edit icon can be clicked to change settings
Table. Firewall detailed information

Rules

Rule tab, you can view the Firewall rule list and add, edit, or delete rules.

CategoryDetailed description
Excel downloadRule bulk input Excel file download button
Batch rule inputExcel file upload button for batch rule input
Detailed SearchRule Detailed Search Button
Add ruleAdd rule button
OrderRule order, applied top-down according to rule order
Rule IDUnique ID value for the rule
Rule IndexUnique Index value for the rule, used in log analysis
Departure addressDeparture address added to the rule
Destination addressDestination address added to the rule, displayed as an IP address according to the entered rule
ServiceProtocol and Destination Port
ActionTraffic Allow/Deny classification by rule
  • Allow: Allow traffic when matched to the rule
  • Deny: Block traffic when matched to the rule
DirectionFirewall standard traffic access direction
  • Inbound: External → Internal
  • Outbound: Internal → External
Active statusActive status of the rule, if inactive the rule does not operate
ExplanationAdditional description written by the user
  • Up to 255 characters can be entered
StatusRule status display
More > Change OrderChange the order of the selected rule
More > ActivateEnable the rule in disabled state
More > DisableDisable active rules
  • Rules created by bulk input are added in disabled state
More > CopyCopy existing rule settings to add a new rule
More > DeleteDelete selected rule
Table. Firewall rule list detailed information

tag

Firewall List page you can view the tag information of the selected resource, and you can add, modify, or delete it.

CategoryDetailed description
Tag ListTag List
  • Can view the tag’s Key, Value information
  • Up to 50 tags can be added per resource
  • When entering tags, search and select from the existing list of Keys and Values
Table. Firewall Tag Tab Items

Work History

You can view the operation history of the selected resource in the Firewall list.

CategoryDetailed description
Work History ListResource Change History
  • Work date and time, resource name, work details, work result, worker information check
  • Click the button to perform detailed search
Table. Firewall task history tab detailed information items

Firewall Rule Management

You can add, modify, or delete firewall rules.

Create Rule

Rule in the tab you can add Firewall rules.

To add a firewall rule, follow the steps below.

  1. All Services > Networking > Firewall Click the menu. Navigate to the Firewall’s Service Home page.
  2. Click Firewall List on the Service Home page. You will be taken to the Firewall List page.
  3. Firewall List Click the resource to add a rule on the page. Firewall Details Navigate to the page.
  4. Firewall Details on the page click the Rules tab. Navigate to the Rules tab page.
  5. Click the Add Rule button in the Rule tab. It will navigate to the Add Rule popup.
Caution
When entering the destination address, if you change the address type to add a rule, be careful because the entered items are reset.
CategoryRequiredDetailed description
Departure addressRequiredDeparture address to add to the rule
  • You can input multiple addresses up to a maximum of 128 at once using CIDR (IP/Subnet Mask) format with commas (,), range (-)
Destination AddressRequiredSelect the type of destination address to add to the rule
  • IP Selection: Using CIDR (IP/Subnet Mask) format, you can input multiple addresses at once using commas (,) and ranges (-), up to a maximum of 128
  • Domain Selection: You can input full domain names in FQDN format using commas (,), up to a maximum of 128 at once
TypeRequiredSelect protocol type to apply rule
  • Destination Port/Type selection: Select protocol kind
  • Internet Protocol: Enter protocol number, up to 128 can be entered
  • All: Destination Port/Type, select protocol for the entire range, meaning all ports for all protocols
ProtocolRequiredProtocol
  • Select the protocol the user wants among TCP, UDP, ICMP
  • The input items differ depending on the selected protocol
Destination PortRequiredAllowed port setting when TCP/UDP is selected in the protocol
  • SSH, HTTP, TELNET, etc. well known ports can be selected
  • When entering manually, you can input values from 1 to 65,535, and you can input up to 128 at once using commas (,), range (-)
  • Click the Add button to add input values
TypeRequiredICMP Type setting when ICMP is selected in the protocol
  • Among the values defined as ICMP Types, frequently used types such as Echo can be selected and used
  • When entering manually, you can specify a range using ‘start value-end value’
  • Click the Add button to add input values
Protocol NumberRequiredEnter protocol number when Internet Protocol is selected in type
  • 1 ~ 254 Values can be entered
ActionRequiredTraffic allow/block distinction
  • Allow: Traffic allowed when matched to rule
  • Deny: Traffic blocked when matched to rule
DirectionRequiredAccess direction of traffic based on firewall standards
  • Inbound: External → Internal
  • Outbound: Internal → External
Rule locationRequiredSpecify the location of the rule to be created and select the rule name
DescriptionChoiceAdditional description written by the user
  • Up to 255 characters can be entered
Table. Firewall rule addition detailed items
  1. After checking the rule to add, click the Confirm button.

Create Rules in Bulk

To add multiple firewall rules at once, follow these steps.

  1. All Services > Networking > Firewall Click the menu. Navigate to the Firewall’s Service Home page.
  2. Click Firewall list on the Service Home page. Navigate to the Firewall list page.
  3. Firewall List Click the resource to add a rule on the page. Firewall Details Navigate to the page.
  4. Click the Rules tab on the Firewall Details page. You will be taken to the Rules tab page.
  5. Click the Excel Download button in the Rules tab. The bulk rule entry Excel file will be downloaded.
  6. Enter the rule information in the batch input Excel file and then save.
  7. Click the Bulk Rule Input button. Bulk Rule Input popup appears.
  8. Batch Rule Input in the popup window, click Attach File to attach the Excel file you created, and click Upload File.
    • If the attached Excel file format differs from the registration form or the file is encrypted, it cannot be uploaded.
    • The maximum number of batch registration rules that can be uploaded at once is 100. If you exceed the maximum number of registration rules, you cannot upload.
    • If you exceed the maximum number of rules that can be registered to the Account, you cannot upload the file.
  9. Rule Check Check the details in the popup window and click the Confirm button.
Caution
Rules added with the bulk input feature are added in a disabled state. To use the rule, click More > Enable to change it to an enabled state.

Edit Rules

From the Firewall rule list, you can select a specific rule to view and edit the rule.

If you want to modify the Firewall rules, follow the steps below.

  1. All Services > Networking > Firewall Please click the menu. Navigate to the Firewall’s Service Home page.
  2. Service Home on the page, click Firewall list. Navigate to the Firewall list page.
  3. Click the resource to edit the rule on the Firewall List page. You will be taken to the Firewall Details page.
  4. Click the Rules tab on the Firewall Details page. Navigate to the Rules tab page.
  5. Click the rule you want to edit on the Rule tab page. It will navigate to the Rule Details popup window.
  6. Rule Details In the popup window, click the Edit button. Navigate to the Rule Edit popup window.
  7. Rule Edit Enter the item you want to edit in the popup window and click the Confirm button.
    CategoryRequired?Detailed description
    Order-The order of the rules. To change the order, click More > Change Order in the rule list.
    Rule ID-Unique ID value for the rule cannot be changed
    Rule Index-Unique Index value for the rule, can be used for log analysis
    Departure addressRequiredDeparture address registered in the rule
    • Can be changed by entering multiple addresses at once using CIDR (IP/Subnet Mask) format with commas (,), ranges (-), up to a maximum of 128 addresses
    Destination AddressRequiredDestination address to add to the rule
    • Can input multiple addresses up to 128 at once using CIDR (IP/Subnet Mask) format with commas (,), range (-)
    ProtocolRequiredProtocol registered in the rule
    • You can select and change to the desired protocol among TCP, UDP, ICMP, ALL values
    • ALL means all ports for all protocols
    Destination PortRequiredTCP/UDP destination ports registered in the rule
    • You can select well-known ports such as SSH, HTTP, TELNET and change them
    • When entering manually, you can input values from 1 to 65,535, and you can use commas (,) or ranges (-) to input up to 128 at once for changes
    TypeRequiredICMP Type registered in the rule
    • Among values defined as ICMP Type, frequently used Types such as Echo can be selected and changed
    • When entering directly, you can specify a range using start value-end value to change
    Protocol NumberRequiredEnter Protocol Number
    • 1 ~ 254 Value input possible
    ActionRequiredAbility to change traffic Allow/Deny classification due to rules
    • Allow: Traffic allowed when matched to rule
    • Deny: Traffic blocked when matched to rule
    DirectionRequiredAbility to change the access direction of traffic based on the firewall criteria registered in the rule
    • Inbound: external → internal
    • Outbound: internal → external
    Active status-Active status of the rule, if inactive the rule does not operate
    Status-Status value for the rule
    DescriptionChoiceAdditional description written by the user
    • Can be changed by entering up to 255 characters
    Table. Firewall Rule Modification Details

Delete Rule

Caution
You can delete only when the firewall is in Active state and the rule is in Active or Error state.

To delete the firewall rule, follow the steps below.

  1. All Services > Networking > Firewall Click the menu. Navigate to the Firewall’s Service Home page.
  2. Click Firewall List on the Service Home page. It navigates to the Firewall List page.
  3. Firewall List page, click the resource to edit the rule. Firewall Details page will be opened.
  4. Firewall Details page, click the Rules tab. Navigate to the Rules tab page.
  5. In the Rules tab, click More > Delete for the rule you want to delete.

Firewall Resource Management

You can modify the Firewall size and change the log usage settings.

Firewall Resize

To modify the Firewall size, follow the steps below.

  1. All Services > Networking > Firewall Click the menu. Navigate to the Firewall’s Service Home page.
  2. Click Firewall list on the Service Home page. Navigate to the Firewall list page.
  3. Click the resource to edit on the Firewall List page. Navigate to the Firewall Details page.
  4. Firewall Details page, click the Size Edit icon. It will navigate to the Size Edit popup.
  5. Resize In the popup window, select the size to modify, and click the Confirm button.
Reference

The Firewall size is provided as default Extra Small (rule quota 5), and you can change the Firewall size to add Firewall rules for use. For more details, please refer to Firewall Constraints.

  • Firewall fees are charged based on the size of the Firewall service and traffic throughput.

Using Log Saving

Reference

To store firewall logs, first create a bucket in Object Storage to store the logs, and set that bucket in the log repository of Firewall Logging. Then, when you set log storage in the firewall detail view, the firewall logs will be stored in the Object Storage bucket.

  • The log storage settings can be checked in Firewall Logging. For more details, refer to Firewall Logging.
  • If you set up the log repository, Object Storage charges for log storage will be billed.

To use Firewall log storage, follow the steps below.

  1. All Services > Networking > Firewall Click the menu. Service Home Navigate to the page.
  2. Click the Firewall menu on the Service Home page. Navigate to the Firewall List page.
  3. Firewall list page, click the resource (Firewall) to use log storage. Firewall detail page is accessed.
  4. Click the Edit icon of Log Save Status on the Firewall Details page. Edit Log Save Status popup window will open.
  5. Log storage modification In the popup window, select Use of the log storage, and click the Confirm button.
Caution
If the log storage setting is not configured in Firewall Logging, you cannot set the log storage use setting.

Disable log saving

Firewall To set log storage to disabled, follow the steps below.

  1. All Services > Networking > Firewall Click the menu. Navigate to the Service Home page.
  2. Click the Firewall menu on the Service Home page. Go to the Firewall list page.
  3. Click the resource (Firewall) that will not use log storage on the Firewall List page. Go to the Firewall Details page.
  4. Edit Log Save Option Click the button. Edit Log Save Option It will move to the popup window.
  5. Modify log storage setting In the popup window, deselect Use for the log storage, and click the Confirm button.
  6. Notification Check the popup window’s message and click the Confirm button.
Caution
If log storage is disabled, the log storage for the service will be stopped, and in the event of a security incident, tracking management through log analysis will be impossible.

Firewall Disable setting

Firewall service cannot be deleted alone. If you delete the preceding service, the connected Firewall will be deleted together. If you do not use the firewall while maintaining the preceding service, you can change the firewall to an unused state on the firewall list page.

Caution
  • If you change the firewall to an unused state, all previously registered rules will be deleted.
  • If there are firewall rules connected when deleting a prerequisite service, you cannot delete it. Delete the firewall rules first before deleting the prerequisite service.

To disable the firewall, follow the steps below.

  1. All Services > Networking > Firewall Click the menu. Service Home Navigate to the page.
  2. Click the Firewall menu on the Service Home page. Go to the Firewall List page.
  3. On the Firewall list page, click More > Unused for the resource to be switched to unused.
  4. After the usage change is completed, check on the Firewall list page whether the resource’s usage status has changed to unused.
Overview
Firewall Logging