Distributed Cloud Firewall

This section provides the purpose, elements, and actions performed on the Distributed Cloud Firewall pages.

Policies
Monitor
DCF Audit
Settings

Purpose

The Policies page creates and manages distributed firewall policies for securing traffic across the multi-cloud environments.

Elements

+ Rule button: Starts the workflow to create a new firewall rule.
Manage Rulesets: Opens the dialog to create, edit, or manage rulesets (groupings of rules). Create rulesets before adding rules to them (Controller 8.0 or later).
Actions button: Provides options to Reset Traffic Count, Turn On Enforcement, Turn Off Enforcement, Turn On Logging, and Turn Off Logging.
Policy Table: Displays the rule names and their details.
Edit button: Modifies an existing firewall rule in the table.
Move button: Changes the priority order of the firewall rules.
Delete button: Removes an existing firewall rule from the table.

Actions

View Ruleset

Each ruleset is a grouping of DCF rules with a priority that determines evaluation order.To view rulesets and the rules within a ruleset:

Go to Security > Distributed Cloud Firewall > Policies.
The Policies page appears with the ruleset list and the Policy Table.
To view the full list of rulesets and their order, click Manage Rulesets.
The Manage Rulesets dialog displays all rulesets and their priority order.
Click Close to return to the Policies tab.
On the Policies tab, select a ruleset from the ruleset list (dropdown or selector).
The Policy Table shows the rules in that ruleset.
Optionally, use Search or Filter to find a rule within the ruleset.

Note: Save changes for the current ruleset before switching to another.

Requires Controller version 8.0 or later.

Create a DCF Ruleset

Create a ruleset before adding rules to it. You must use Controller version 8.0 or later to use DCF rulesets.To create a ruleset:

Go to Security > Distributed Cloud Firewall > Policies.
Click Manage Rulesets.
The Manage Rulesets dialog appears.
Click + Ruleset.
The Create Ruleset dialog appears.
Configure Name, Place Ruleset, and Existing Ruleset (if applicable).
Refer to the Parameter Details table.
Click Save.
Repeat steps 3–5 to create additional rulesets if needed.
Click Close.
On the Policies tab, select a ruleset from the Ruleset dropdown to add rules to it.

The new ruleset appears in the Ruleset dropdown. You can then add rules to the ruleset.

Parameter Details

Sl. No.	CoPilot Parameter Name	Description
1	Name	Enter a name for the ruleset.
2	Place Ruleset	Select where to place the ruleset: above or below an existing ruleset, or at the top or bottom of the ruleset list.
3	Existing Ruleset	If you select Above or Below in Place Ruleset, select the existing ruleset from this list.

Create Firewall Rule

To create a distributed firewall rule:

Go to Security > Distributed Cloud Firewall > Policies.
Click + Rule.
Configure the rule parameters. Refer to the Parameter Details table.
Save the rule.

The new rule appears in the Policy Table.

Parameter Details

Sl. No.	CoPilot parameter name	Description
1	Priority	Shows the order in which the rule applies.
2	Name	Shows the name of the firewall rule.
3	Source Groups	Shows the source VPCs or network groups.
4	Destination Groups	Shows the destination network or internet target.
5	WebGroup	Shows the web group linked to the rule.
6	Protocol	Shows the traffic type such as TCP, UDP, ICMP, or Any.
7	Ports	Shows the port or port range used by the rule.
	Rule Behavior
8	Action	Shows whether the rule permits or denies traffic.
9	SG orchestration	Shows whether security group sync is enabled.
10	Decryption	Shows whether traffic decryption is enabled.
11	Intrusion analysis	Shows whether traffic inspection is enabled.
12	Logging	Shows whether traffic logs are enabled.

Edit Firewall Rule

To edit an existing firewall rule:

Go to Security > Distributed Cloud Firewall > Policies.
Locate the rule in the Policy table and click the Edit button.
Update the desired parameters.
Save your changes.

Changes take effect after saving.

Move Firewall Rule

To change the priority order of firewall rules:

Go to Security > Distributed Cloud Firewall > Policies.
Locate the rule in the Policy Table and click the Move button.
Move the rule to the desired position in the priority order.
Save the new order.

Rule priority determines the order in which rules are evaluated.

Delete Firewall Rule

To delete a firewall rule:

Go to Security > Distributed Cloud Firewall > Policies.
Locate the rule in the Policy Table and click the Delete button.
Confirm the deletion.

The rule is removed from the Policy Table.

Manage Policy Enforcement and Logging

To reset traffic count, turn enforcement on or off, or manage logging for a rule:

Go to Security > Distributed Cloud Firewall > Policies.
Locate the rule in the Policy Table and click the Actions button.
Select Reset Traffic Count, Turn On Enforcement, Turn Off Enforcement, Turn On Logging, or Turn Off Logging as needed.

The selected action is applied to the rule.

Policy Logs
Intrusion Logs

Purpose

The Policy Logs page displays traffic logs generated by the Distributed Cloud Firewall policies. It helps monitor allowed and denied traffic, and supports troubleshooting and audit of policy enforcement across cloud networks.

Elements

Auto Refresh toggle: Enables or disables automatic refreshing of the log data.
Policy Logs table: Displays policy rule logs and their details.

Actions

View Policy Logs

To view Distributed Cloud Firewall policy logs:

Go to Security > Distributed Cloud Firewall > Monitor.
Select the Policy Logs tab.
The Policy Logs page appears with the Policy Logs table.
Review traffic logs for allowed and denied traffic.
Optionally, use the Auto Refresh toggle to enable or disable automatic refreshing of log data.

The table displays policy rule logs with timestamp, rule, gateway, source and destination IPs, and other traffic details for troubleshooting and audit.

Parameter Details

Sl. No.	CoPilot parameter name	Description
1	Timestamp	Shows the date and time when the traffic log is recorded.
2	Rule	Shows the firewall policy rule that matches the traffic.
3	Gateway	Shows the gateway that processes the traffic.
4	Source IP	Shows the source IP address of the traffic.
5	Destination IP	Shows the destination IP address of the traffic.
6	Source MAC address	Shows the source MAC address of the traffic.
7	Destination MAC address	Shows the destination MAC address of the traffic.
8	SNI	Shows the server name indication extracted from TLS traffic.
9	Decrypted by	Shows the gateway that performs traffic decryption.
10	URL	Shows the destination URL accessed by the traffic.
11	Protocol	Shows the traffic protocol such as TCP, UDP, or ICMP.
12	Source port	Shows the source port number used by the traffic.
13	Destination port	Shows the destination port number used by the traffic.
14	Reason	Shows the reason for the policy decision.
15	Action	Shows whether the traffic is allowed or denied.
16	Enforced	Shows whether the policy enforcement is applied.

Purpose

The Intrusion Logs page displays security events detected by the Distributed Cloud Firewall intrusion detection engine. It helps identify suspicious traffic, analyze threats, and support security investigation across cloud environments.

Elements

Distributed Cloud Firewall: Intrusion Logs

Intrusion Logs table: Displays intrusion detection logs and their details.

Actions

View Intrusion Logs

To view Distributed Cloud Firewall intrusion detection logs:

Go to Security > Distributed Cloud Firewall > Monitor.
Select the Intrusion Logs tab.
The Intrusion Logs page appears with the Intrusion Logs table.
Review security events detected by the intrusion detection engine.

The table displays intrusion logs with timestamp, severity, source and destination IPs, protocol, and attack details for security investigation.

Parameter Details

Sl. No.	CoPilot parameter name	Description
1	Timestamp	Shows the date and time when the intrusion event is recorded.
2	Severity	Shows the severity level of the detected intrusion.
3	Source IP	Shows the source IP address of the traffic.
4	Destination IP	Shows the destination IP address of the traffic.
5	Protocol	Shows the network protocol used by the traffic.
6	Source port	Shows the source port number used by the traffic.
7	Destination port	Shows the destination port number used by the traffic.
8	Application protocol	Shows the application-level protocol detected in the traffic.
9	Gateway	Shows the gateway where the intrusion is detected.
10	Category	Shows the intrusion category or attack type.
11	Attack target	Shows the target resource of the detected attack.
12	Deployment	Shows the deployment or environment where the event occurs.

Purpose

The DCF Audit page displays audit logs for Distributed Cloud Firewall operations. It helps track user actions, review configuration changes, and support security audit and troubleshooting activities.

Elements

Time Period filter: Filters audit logs based on a selected time range.

Actions

View DCF Audit Logs

To view Distributed Cloud Firewall audit logs:

Go to Security > Distributed Cloud Firewall > DCF Audit.
The DCF Audit page appears with audit logs for DCF operations.
Optionally, use the Time Period filter to filter logs by a selected time range.
Review user actions, configuration changes, and audit findings.

The audit logs help track user actions and support security audit and troubleshooting activities.

Parameter Details

Sl. No.	CoPilot parameter name	Description
1	Check Name	Shows the name of the audit check performed.
2	Status	Shows whether the audit check passed or failed.
3	Severity	Shows the severity level of the audit finding.
4	Resource	Shows the resource associated with the audit finding.
5	Details	Provides additional information about the audit finding.

Purpose

The Settings page allows configuration of global firewall settings, logging, and alerting options.

Elements

Global Settings Panel: Configure default action, logging, and alert thresholds.
Notification Settings: Enable alerts for intrusion detection and policy violations.
Advanced Options: Configure threat intelligence feeds and update intervals.

Actions

Configure Global Firewall Settings

To configure global firewall settings:

Go to Security > Distributed Cloud Firewall > Settings.
In the Global Settings Panel, configure the default action for unmatched traffic.
Set the Logging Level (Minimal, Standard, or Detailed).
Configure Alert Threshold for triggering alerts.
Save your changes.

Global settings apply to all Distributed Cloud Firewall policies.

Parameter Details

Sl. No.	CoPilot Parameter Name	Description
1	Default Action	Specifies default action for unmatched traffic (Allow/Deny).
2	Logging Level	Sets logging verbosity (Minimal, Standard, Detailed).
3	Alert Threshold	Configures thresholds for triggering alerts.
4	Threat Feed URL	URL for external threat intelligence feed.
5	Update Interval	Frequency of threat feed updates.

Configure Notification Settings

To configure notification settings for alerts:

Go to Security > Distributed Cloud Firewall > Settings.
In Notification Settings, enable alerts for intrusion detection and policy violations.
Configure notification destinations and preferences.
Save your changes.

Notifications are sent when configured thresholds or events occur.

Configure Advanced Options

To configure threat intelligence and advanced options:

Go to Security > Distributed Cloud Firewall > Settings.
In Advanced Options, configure the Threat Feed URL for external threat intelligence.
Set the Update Interval for threat feed updates.
Save your changes.

Threat intelligence feeds enhance intrusion detection and policy enforcement.

Concepts & Architecture

Guides

Reference

Purpose

Elements

Actions

Parameter Details

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Concepts & Architecture

Guides

Reference

​Purpose

​Elements

​Actions

​Parameter Details

​Parameter Details

​Purpose

​Elements

​Actions

​Parameter Details

​Purpose

​Elements

​Actions

​Parameter Details

​Purpose

​Elements

​Actions

​Parameter Details

​Purpose

​Elements

​Actions

​Parameter Details

Purpose

Elements

Actions

Parameter Details

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details

Purpose

Elements

Actions

Parameter Details