Stateful Firewall FAQ

What is Aviatrix Stateful Firewall?

The Aviatrix stateful firewall is a feature of the Aviatrix gateway. It is an L4 stateful firewall that filters on network CIDR, protocol and port in the packet forwarding path.

The stateful firewall allows each individual rule to be defined as Allow, Deny or Force Drop, in addition to a base rule.

How many rules can be configured on a gateway?

Currently you can configure up to 500 rules on each gateway. This limitation is not due to a lack of capacity in the gateways; it comes from the way rules are sent to the gateways.

In the next release (5.2), the limitation will be removed.

What is the API to configure stateful firewall?

The API for the stateful firewall can be found here.

Follow the example in the API doc to set up multiple rules.

Currently the API call requires you to input the entire set of rules on each call. There are no incremental append or delete functions.

In the next release (5.2), there will be new APIs to append new rules and delete a specific rule.
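
Because every call must carry the entire rule set, an append or delete has to be done on the client by rebuilding the full list first. The following is an added example (not Aviatrix code and not taken from the API doc) of doing that while enforcing the 500-rule limit; the rule field names, the protocol set and the helper names are assumptions, and the API call itself is left out.

```python
import ipaddress

MAX_RULES = 500                             # per-gateway limit stated in this FAQ
ACTIONS = {"Allow", "Deny", "Force Drop"}   # rule actions named in this FAQ
PROTOCOLS = {"tcp", "udp", "icmp", "all"}   # assumed set, not from the API doc

# Constructed sample of the rules currently on a gateway (field names are hypothetical).
SAMPLE_RULES = [
    {"src": "10.0.0.0/24", "dst": "10.1.0.0/24", "protocol": "tcp", "port": 443, "action": "Allow"},
    {"src": "10.0.0.0/24", "dst": "10.2.0.0/24", "protocol": "udp", "port": 53, "action": "Deny"},
]

def validate(rule):
    """Return a normalised copy of one rule, or raise ValueError."""
    if rule["action"] not in ACTIONS:
        raise ValueError(f"unknown action: {rule['action']!r}")
    proto = rule["protocol"].lower()
    if proto not in PROTOCOLS:
        raise ValueError(f"unknown protocol: {rule['protocol']!r}")
    port = rule.get("port")                 # None means any port
    if port is not None and not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port!r}")
    return {
        # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/24
        "src": str(ipaddress.ip_network(rule["src"], strict=True)),
        "dst": str(ipaddress.ip_network(rule["dst"], strict=True)),
        "protocol": proto,
        "port": None if port is None else int(port),
        "action": rule["action"],
    }

def match_key(rule):
    """Match criteria without the action; two rules sharing a key conflict."""
    return (rule["src"], rule["dst"], rule["protocol"], rule["port"])

def build_rule_set(current, add=(), remove=()):
    """Return the complete ordered rule list to submit in one call."""
    drop = {match_key(validate(r)) for r in remove}
    kept = [r for r in map(validate, current) if match_key(r) not in drop]
    result, seen = [], set()
    for rule in kept + [validate(r) for r in add]:
        key = match_key(rule)
        if key in seen:
            raise ValueError(f"duplicate match criteria: {key}")
        seen.add(key)
        result.append(rule)
    if len(result) > MAX_RULES:
        raise ValueError(f"{len(result)} rules exceeds the limit of {MAX_RULES}")
    return result
```

Validating before submission matters here because a rejected or malformed call would otherwise affect the whole rule set, not only the rule being changed.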

Is there a limitation on the number of tags?

There is no limitation on the number of tags.

How do I configure the stateful firewall?

Follow the instructions described in this link.