Enabling the Distributed Cloud Firewall Feature

If you see a message on the Distributed Cloud Firewall page (Security > Distributed Cloud Firewall) that you require the Aviatrix Universal Subscription, in the cloud marketplace you must subscribe to and accept terms for the correct Aviatrix subscription. For more information on subscribing, see Aviatrix Licensing.

Take note of your Customer ID (license) for this offer.

If there is no pre-existing customer ID (you are a new user), you entered this customer ID when logging on to CoPilot. You do not need to reset the Customer ID on the License tab before enabling the feature.

If you have already subscribed to the Aviatrix Universal Subscription license, you do not need to subscribe again. You can just enable the feature from Configuration > Settings > License in CoPilot.

If you configured the ThreatIQ and/or Geoblocking features prior to Controller version 7.2.4820, in 7.2.4820 you automatically receive a free Distributed Cloud Firewall (DCF) license.

If you did not configure the ThreatIQ and/or Geoblocking features prior to Controller version 7.2.4820, you are expected to purchase a DCF license. This will include the ExternalGroup feature.

To enable the Distributed Cloud Firewall (DCF) feature:

  1. In CoPilot, go to Security > Distributed Cloud Firewall > Policies.

  1. Click Begin Using Distributed Cloud Firewall.

    40%

  2. The Begin Using Distributed Cloud Firewall popup displays. Click Begin.

    300

The Policies tab now displays the rules in the system-defined V1 Policy List ruleset. You can add rules to the system-defined rulesets.

If desired, you can enable DCF from the Security > Distributed Cloud Firewall > Settings tab, and then go to the Security > Distributed Cloud Firewall > Policies tab to begin using DCF.

The Rules tab now displays the rules in the system-defined V1 Policy List ruleset. You can add rules to the system-defined rulesets.

Assuming that the Distributed Cloud Firewall feature is enabled, these Preview features are available:

  • Enforcement on PSF Gateways and/or Enforcement on External Connections. You must enable these features from the Security > Distributed Cloud Firewall > Settings tab. With these features, you can enforce DCF on PSF Gateways and/or External Connections.

  • DCF on Kubernetes Clusters from the Feature Previews list. To use this feature, you must enable it from the Discovery of Kubernetes Resources card on the Groups > Settings tab.