Skip to main content

Overview

WebGroups in the Aviatrix Distributed Cloud Firewall (DCF) allow you to define groups of web resources based on URLs, domains, or FQDNs (Fully Qualified Domain Names). These groups can then be referenced in firewall rules to control egress traffic to specific web destinations.

What are WebGroups?

WebGroups are logical groupings of web-based destinations that you can use as targets in your DCF rules. Instead of managing individual URLs or domains in each firewall rule, you can create a WebGroup that contains multiple web resources and reference that group in your policies.

Use Cases

WebGroups are commonly used for:
  • Egress Filtering: Control which external websites and services your workloads can access
  • Compliance: Ensure traffic only flows to approved web destinations
  • Security: Block access to known malicious domains or restrict access to specific categories of websites
  • Application Access: Allow access to specific SaaS applications or cloud services

Creating a WebGroup

To create a WebGroup:
  1. Navigate to Security > Distributed Cloud Firewall > WebGroups.
  2. Click + WebGroup to create a new group.
  3. Provide a name and optional description for the WebGroup.
  4. Add the web resources to the group using one of the following methods:
    • URLs: Specify full URLs (e.g., https://example.com/path)
    • Domains: Specify domain names (e.g., example.com)
    • FQDNs: Specify fully qualified domain names with wildcards (e.g., *.example.com)
  5. Click Save to create the WebGroup.

WebGroup Types

WebGroups support different types of web resource definitions:
TypeDescriptionExample
DomainBase domain nameexample.com
FQDNFully qualified domain namewww.example.com
Wildcard FQDNFQDN with wildcard prefix*.example.com
URLFull URL pathhttps://example.com/api

Using WebGroups in Rules

Once created, WebGroups can be referenced in DCF rules:
  1. Navigate to Security > Distributed Cloud Firewall > Rules.
  2. Create or edit a rule.
  3. In the Destination field, select the WebGroup you created.
  4. Configure other rule parameters as needed (action, logging, etc.).
  5. Save the rule.

Best Practices

  • Organize by Function: Create WebGroups based on application or service category (e.g., “Approved SaaS Apps”, “Cloud Provider APIs”)
  • Use Descriptive Names: Name WebGroups clearly to indicate their purpose
  • Regular Review: Periodically review WebGroups to ensure they contain current and relevant destinations
  • Minimize Wildcards: Use specific FQDNs when possible; wildcards should be used judiciously