Managing Distributed Cloud Firewall Rulesets

You must upgrade to Controller version 8.0 to use DCF rulesets.

After creating your rulesets, you can manage them by:

  • Changing their priority

  • Resetting the traffic count for specific rulesets when you want to see what new traffic is coming in for the rules within a ruleset.

Initial Rulesets

Two rulesets are initially available when you start using the Rulesets feature:

  • Post Rules Policy List: System-based ruleset that contains the DefaultDenyAll Rule. This rule cannot be modified or deleted.

  • V1 Policy List: Ruleset added by Aviatrix that you can edit. This ruleset contains the Greenfield Rule, which you can modify or delete as needed.

If you configured any DCF rules before upgrading to Controller 8.0, they are added to the V1 Policy List ruleset.

Changing Ruleset Priority

To change ruleset priority:

  1. On the Security > Distributed Cloud Firewall > Policy tab, click Manage Rulesets. The Manage Rulesets dialog displays.

  2. To change a ruleset’s priority, click the up/down arrow icon next to a ruleset in the list.

  3. In the Move Rulesets popup, select where to move the ruleset:

    • Above: Move above an existing rule

    • Below: Move below an existing rule

    • To Top: Move to the top of the ruleset list

    • To Bottom: Move to the bottom of the ruleset list

    • Priority: Assign a Priority Number to the ruleset

  4. Click Save Draft.

  5. In the Manage Rulesets dialog, click Commit if you want to commit the change.

Deleting a Ruleset

  • You can only delete a ruleset if it does not contain any rules.

  • You can only delete rulesets that you have created.