How-to guides
Users can create the Firewall service by entering the required information and selecting detailed options through the Samsung Cloud Platform Console.
Create Firewall
You can create and use a Firewall service in the Samsung Cloud Platform Console.
A Firewall is created by enabling it in a prerequisite Networking service. Enabled Firewalls can be viewed in the Firewall list.
- Firewalls cannot be created independently, unlike other services in the Samsung Cloud Platform Console.
To enable the firewall, follow these steps.
Click the All Services > Networking > Firewall menu. Navigate to the Firewall’s Service Home page.
On the Service Home page, click the service you want to create. You will be redirected to the service creation page.
- VPC Creation: Configure the VPC service’s Internet Gateway and Transit Gateway firewall.
- When creating a VPC’s Internet Gateway service, set the Use Firewall option to Enabled. For detailed instructions, refer to Create Internet Gateway.
- Create a Transit Gateway service for the VPC and apply for the associated service of the Uplink Firewall. For detailed instructions, refer to Create Transit Gateway.
- Direct Connect Creation: When creating a Direct Connect service, set the Firewall Use option to Enabled. For detailed instructions, refer to Create Direct Connect.
- Load Balancer Creation: When creating a Load Balancer service, set the Firewall Use option to Enabled. For detailed instructions, see Load Balancer Creation.
After the prerequisite service creation is complete, verify that the corresponding Firewall resource appears in the Firewall list.
Check firewall detailed information
The Firewall service can view and edit the full resource list and detailed information in the resource management menu.
To view detailed information about the firewall, follow these steps.
- Click the All Services > Networking > Firewall menu. Go to the Firewall’s Service Home page.
- On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
- The Firewall List page shows the information below.
| Category | Detailed description |
|---|---|
| Firewall name | Automatically generated in the Firewall pre-service type_Firewall format |
| Firewall classification | Firewall pre-service type (Internet Gateway, Direct Connect, Load Balancer) |
| Size | User-selected Firewall size |
| VPC name | VPC name connected to the firewall |
| Connection name | Automatically generated in the format preceding service name_Firewall for services using Firewall |
| Number of rules | Number of rules used on this firewall |
| Whether to use | Whether the firewall is used (enabled) or not used (disabled). If not used, the Any Allow rule is applied and no charges are incurred for the firewall |
| Status | Firewall status display. The More button can be clicked to set On/Off |
Table. Firewall resource list items
- On the Firewall List page, click the resource to view detailed information. It navigates to the Firewall Details page.
- Firewall Details page displays status information and additional feature information, and consists of Details, Rules, Tags, Activity Log tabs.
| Category | Detailed description |
|---|---|
| Service status | Firewall status display. Creating: In progress; Active: Operational; Editing: In progress; Deploying: Completed; Deleting: In progress; Error: Occurred |
Table. Firewall status information
Detailed Information
On the Firewall List page, you can view detailed information of the selected resource and, if necessary, edit the information.
| Category | Detailed description |
|---|---|
| Service | Service name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | Resource Name |
| Resource ID | Service’s unique resource ID |
| Creator | User who created the service |
| Creation date and time | Service creation timestamp |
| Editor | User who edited the service information |
| Modification date and time | Date and time the service information was modified |
| Firewall name | Automatically generated as the connection name for the resource name_Firewall |
| Firewall ID | Service’s unique resource ID |
| Firewall classification | Firewall prerequisite service types (Internet Gateway, Direct Connect, Load Balancer) |
| Size | The Firewall size selected by the user |
| Firewall rule count/quota | The firewall’s rule quota and the number of rules currently in use |
| VPC name | VPC name connected to the Firewall |
| VPC ID | VPC ID connected to the firewall |
| Connection name | {Firewall Prerequisite Service Name_Firewall} automatically generated |
| Log saving option | Firewall log storage option |
Rule
On the Firewall List page, you can view the rule list of the selected resource and add, modify, or delete rules.
| Category | Detailed description |
|---|---|
| Excel download | Download the currently entered rule list as an Excel (*.xlsx) file |
| Advanced Search | Search for rules that match the conditions set by the user |
| Rule modification | Rules displayed in the rule list can be edited and deleted |
| Add rule | Add a new Firewall rule |
| Order | Rule order; rules are applied top-down according to this order |
| Rule ID | Unique ID value for the rule |
| Rule Index | Unique index value for the rule, used in log analysis |
| Source address | Source address added to the rule |
| Destination address | Destination address added to the rule, displayed as the IP address according to the entered rule |
| Service | Protocol and Destination Port |
| Operation | Whether the rule allows or denies traffic |
| Direction | Firewall traffic direction criteria |
| Active status | Indicates whether the rule is active; if it is inactive, the rule does not operate |
| Status | Rule status display |
Tags
On the Firewall List page, you can view the tag information of the selected resource and add, modify, or delete it.
| Category | Detailed description |
|---|---|
| Tag list | Tag list |
Job History
On the Firewall List page, you can view the operation history of the selected resource.
| Category | Detailed description |
|---|---|
| Task History List | Resource Change History |
Firewall Rule Management
You can add, modify, or delete firewall rules.
- You can add or modify rules only when the firewall status is Active.
- If you do not have permission to view the status in the preceding service, you cannot add a rule.
- The firewall periodically caches the domain rules registered by the user and retains the IP information for a certain period.
- If the cached result of the registered domain rule does not match the user’s IP, communication may be restricted.
Create Rule
In the Rules tab, you can directly input firewall rule information to add it.
To add a firewall rule, follow the steps below.
- Click the All Services > Networking > Firewall menu. Navigate to the Firewall’s Service Home page.
- On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
- On the Firewall List page, click the resource to which you want to add a rule. You will be taken to the Firewall Details page.
- On the Firewall Details page, click the Rules tab. You will be taken to the Rules tab page.
- Click the Add Rule button on the Rules tab. You will be taken to the Add Rule page.
- Enter the required information on the Manual Input tab page.
- After checking the added rules, click the Complete button.
| Category | Required? | Detailed description |
|---|---|---|
| Rule location | Required | Specify the location of the rule to create |
| Rule ID to copy | Optional | Enter the Firewall rule ID to copy and click the Search button to select it |
| Source address | Required | Source addresses to add to the rule |
| Destination address | Required | Select the type of destination address to add to the rule |
| Type | Required | Select the protocol type to apply the rule to |
| Type > Protocol | Required | Select the detailed protocol for the type |
| Operation | Required | Whether the rule allows or denies traffic |
| Direction | Required | Firewall-based traffic direction |
| Explanation | Optional | Additional description provided by the user |
| Added rule | - | Verification list of the entered rules |
| Destination | Required | Destination address type to add to the rule. Select IP or FQDN. You can input multiple addresses at once, up to a maximum of 128, using CIDR (IP/Subnet Mask) format with commas (,) and ranges (-). Domain names can be entered in bulk using commas (,), up to 128 addresses at once |
Batch create rules
To add multiple Firewall rules at once, follow these steps.
- Click the All Services > Networking > Firewall menu. Navigate to the Firewall’s Service Home page.
- On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
- On the Firewall List page, click the resource to which you want to add a rule. You will be taken to the Firewall Details page.
- On the Firewall Details page, click the Rules tab. You will be taken to the Rules tab page.
- Click the Add Rule button on the Rules tab. You will be taken to the Add Rule page.
- On the Add Rule page, click the Batch Rule Input tab.
- Please select the rule location. If you do not select a location, it will be added at the very last order of the rule.
- From File Selection, click the Download Form button. The bulk rule entry Excel file will be downloaded.
- Enter the rule information into the batch rule input Excel file, then save it.
- From File Selection, click Attach File to attach the Excel file you created, and click Add.
- You cannot upload if the attached Excel file format differs from the registration form or if the file is encrypted.
- You can upload up to 100 batch registration rules at a time. Uploads are not allowed if you exceed the maximum number of registration rules.
- If the number of rules set for the firewall size is exceeded, you cannot upload the file.
- In Added rule, check that the rules you entered appear in the list and adjust their order.
- After checking the added rules, click the Complete button.
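The limits stated above (up to 128 addresses per field in CIDR, comma, and range form; up to 100 rules per batch upload; the rule quota of the firewall size) can be checked before the Excel form is uploaded. The following Python sketch is an added example, not Samsung Cloud Platform code: the dictionary keys `source`, `destination`, and `action` are hypothetical stand-ins for the form's columns, only IP-type addresses are handled (not FQDN), and tolerating host bits in a CIDR is an assumption. It also flags Allow rules that match any source and any destination.

```python
import ipaddress

MAX_ADDRESSES = 128    # entries per address field (limit stated on this page)
MAX_BATCH_RULES = 100  # rules per batch upload (limit stated on this page)

def parse_address_field(field):
    """Parse 'CIDR, IP, first-last' input into (first_ip, last_ip) spans."""
    entries = [e.strip() for e in field.split(",") if e.strip()]
    if not entries:
        raise ValueError("address field is empty")
    if len(entries) > MAX_ADDRESSES:
        raise ValueError(f"{len(entries)} entries exceed the limit of {MAX_ADDRESSES}")
    spans = []
    for entry in entries:
        if "-" in entry:  # range form: first-last
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"invalid range: {entry}")
            spans.append((lo, hi))
        else:  # single IP or CIDR; host bits are tolerated (assumption)
            net = ipaddress.ip_network(entry, strict=False)
            spans.append((net[0], net[-1]))
    return spans

def covers_everything(spans):  # True if any span is the full IPv4/IPv6 space
    return any(int(lo) == 0 and int(hi) == 2 ** hi.max_prefixlen - 1 for lo, hi in spans)

def check_batch(rules, quota, rules_in_use):
    """Return a list of findings for a batch of rule dicts (hypothetical keys)."""
    findings = []
    if len(rules) > MAX_BATCH_RULES:
        findings.append(f"batch has {len(rules)} rules, limit is {MAX_BATCH_RULES}")
    if rules_in_use + len(rules) > quota:
        findings.append(f"{rules_in_use} existing + {len(rules)} new rules exceed quota {quota}")
    for n, rule in enumerate(rules, start=1):
        try:
            src = parse_address_field(rule["source"])
            dst = parse_address_field(rule["destination"])
        except ValueError as err:
            findings.append(f"rule {n}: {err}")
            continue
        if rule["action"] == "Allow" and covers_everything(src) and covers_everything(dst):
            findings.append(f"rule {n}: allows any source to any destination")
    return findings

# Constructed sample batch; addresses are private and documentation ranges.
SAMPLE_RULES = [
    {"source": "10.0.1.0/24, 10.0.2.10-10.0.2.20", "destination": "192.0.2.10", "action": "Allow"},
    {"source": "10.0.3.20-10.0.3.5", "destination": "192.0.2.0/24", "action": "Deny"},
    {"source": "0.0.0.0/0", "destination": "0.0.0.0/0", "action": "Allow"},
]

if __name__ == "__main__":
    print("\n".join(check_batch(SAMPLE_RULES, quota=5, rules_in_use=3)))
```

The sample call uses the Extra Small quota of 5 with 3 rules already in use, so it reports the quota overrun, the reversed range in rule 2, and the any-to-any Allow in rule 3.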
Modify Rules
You can select a firewall rule to view and edit its information.
To modify firewall rules, follow the steps below.
Click the All Services > Networking > Firewall menu. Go to the Service Home page of Firewall.
On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
On the Firewall List page, click the resource whose rule you want to edit. You will be taken to the Firewall Details page.
On the Firewall Details page, click the Rules tab. You will be taken to the Rules tab page.
Click the Edit Rule button on the Rules tab. You will be taken to the Edit Rule page.
- On the rule edit page, you can configure the items below.
- Enable: Enables the selected rule.
- Disabled: Disables the selected rule. Disabled rules are not applied to preceding services.
- Delete: Delete the selected rule. Clicking Delete will mark the change as Pending Deletion.
- Cancel Deletion: If it is in a pending deletion state, you can cancel the rule deletion.
On the Edit Rule page, click the Edit button for the item you want to modify. The Edit Rule popup will open.
In the Edit Rule popup window, enter the item you want to modify and click the Confirm button.
| Category | Required? | Detailed description |
|---|---|---|
| Order | - | The order of rules can be changed by clicking Move Up/Move Down in the added rule list |
| Rule ID | - | Unique ID value for the rule; cannot be changed |
| Rule Index | - | Unique index value for the rule, usable in log analysis |
| Source address | Required | Source addresses registered in the rule. Can be entered and modified in CIDR (IP/Subnet Mask) format, using commas (,) and ranges (-), up to a maximum of 128 at once |
| Destination address | Required | Destination address to add to the rule. Can be entered and modified in CIDR (IP/Subnet Mask) format, using commas (,) and ranges (-), up to a maximum of 128 at once |
| Type | Required | Set the protocol type according to the selected destination address entry |
| Operation | Required | The traffic Allow/Deny classification of the rule can be changed. Allow: Allow traffic when it matches the rule; Deny: Block traffic when it matches the rule |
| Direction | Required | The access direction of traffic defined by the firewall rule can be changed. Inbound: external → internal; Outbound: internal → external |
| Rule location | Required | Rule position can be changed |
| Active status | Required | Whether the rule is active; if it is disabled, the rule does not operate |
| Status | - | State value for the rule |
| Description | Optional | User-provided additional description |
Table. Detailed items for firewall rule modification
After reviewing the updated rules, click the Complete button.
Delete rule
To delete a firewall rule, follow the steps below.
- Click the All Services > Networking > Firewall menu. Go to the Firewall’s Service Home page.
- On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
- On the Firewall List page, click the resource whose rule you want to edit. You will be taken to the Firewall Details page.
- On the Firewall Details page, click the Rules tab. You will be taken to the Rules tab page.
- On the Rules tab, click the Edit Rule button. You will be taken to the Edit Rule page.
- On the Edit Rule page, select the rule to delete and click the Delete button.
- When the deletion request is completed, the change item will be marked as Scheduled for deletion.
- Click Cancel Deletion to cancel the rule deletion.
- On the Edit Rule page, click the Complete button.
Managing Firewall Resources
You can modify the firewall size and change the log usage settings.
Modify Firewall Size
To modify the size of the firewall, follow these steps.
- Click the All Services > Networking > Firewall menu. Go to the Firewall’s Service Home page.
- On the Service Home page, click Firewall List. You will be taken to the Firewall List page.
- On the Firewall List page, click the resource to edit. You will be taken to the Firewall Details page.
- On the Firewall Details page, click the Size Edit icon. You will be taken to the Size Edit popup.
- In the Size Edit popup window, select the size to adjust and click the Confirm button.
The firewall is provided at the default size, Extra Small (rule quota 5). Change the firewall size to add more firewall rules. For more details, refer to Firewall Constraints.
- Firewall fees are charged based on the size of the Firewall service and traffic throughput.
Using Log Storage
To store firewall logs, first create a bucket in Object Storage for the logs and configure that bucket in the log repository of Firewall Logging. Then, by setting log storage in the firewall detail view, firewall logs will be saved to the Object Storage bucket.
- The log storage settings can be checked in Firewall Logging. For more information, see Firewall Logging.
- If you configure a log repository, Object Storage charges for log storage will be applied.
To use firewall log storage, follow these steps.
- Click the All Services > Networking > Firewall menu. Go to the Service Home page.
- On the Service Home page, click the Firewall menu. You will be taken to the Firewall List page.
- On the Firewall List page, click the resource (Firewall) for which you want to enable log storage. You will be taken to the Firewall Details page.
- On the Firewall Details page, click the Edit icon of Log Save Setting. You will be taken to the Edit Log Save Setting popup.
- In the Edit Log Save Setting popup window, select Use for the log repository and click the Confirm button.
Disable log storage
To set firewall log storage to disabled, follow these steps.
- Click the All Services > Networking > Firewall menu. You will be taken to the Service Home page.
- On the Service Home page, click the Firewall menu. You will be taken to the Firewall List page.
- On the Firewall List page, click the resource (Firewall) for which you want to disable log storage. You will be taken to the Firewall Details page.
- Click the Modify Log Save Setting button. You will be taken to the Modify Log Save Setting popup.
- In the Modify Log Save Setting popup window, deselect Use for the log repository and click the Confirm button.
- Check the message in the Notification popup window and click the Confirm button.
Disable Firewall
The Firewall service cannot be deleted on its own. Deleting the preceding service will also delete the associated Firewall. When you choose not to use the firewall while retaining the preceding service, you can set the firewall to an unused state on the firewall list page.
- If you change the firewall to an unused state, all previously registered rules will be deleted.
- You cannot delete a preceding service if there are firewall rules associated with it. Delete the firewall rules before deleting the preceding service.
To disable the firewall, follow these steps.
- Click the All Services > Networking > Firewall menu. You will be taken to the Service Home page.
- On the Service Home page, click the Firewall menu. You will be taken to the Firewall List page.
- On the Firewall List page, click More > Unused for the resources you want to mark as unused.
- After the usage change is completed, verify on the Firewall List page that the resource’s usage status has been changed to unused.