Distributed Cloud Firewall Rulesets
Your Distributed Cloud Firewall (DCF) policy is essential for managing and securing network traffic across various parts of an organization.
Your DCF policy consists of a group of rulesets. Each ruleset consists of a set of ordered rules. These rulesets enable organizations to achieve various objectives by creating collections of ordered rules tailored to specific needs.
You must upgrade to Controller version 8.0 to use DCF rulesets. In Controller 8.0, two predefined rulesets will be available: V1 Policy List (editable) and Post Rules Policy List (non-editable). The former will contain all existing legacy rules (created prior to Controller 8.0) and the Greenfield Rule. The latter will contain the DefaultDenyAll rule.
For instance, different geographical regions may require separate rulesets to manage applications based on varying security policies and compliance requirements. This flexibility allows different parts of the organization to update their rulesets without disturbing others, helping to prevent organizational bottlenecks.
Each rule within a ruleset has its own priority, and traversal begins with the higher-priority ruleset. This enables efficient prioritization and checking of rulesets. Note that numbers 1000-8999 are reserved for rulesets.
Rulesets can be executed in a specific order. It is crucial for different groups within an organization to collaborate and decide which rulesets take precedence. This collaboration ensures that the most critical rules are applied first.
You can switch between rulesets, but it is important to save changes on the Rules tab for a specific ruleset before switching to another. A rule can be used in more than one ruleset, providing further flexibility in managing network security.
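The sketch below is an added example, not Aviatrix code or part of the original page. It models ordered rulesets to show why precedence has to be agreed between teams: it reports which rule decides a flow and flags rules that an earlier ruleset makes unreachable. It assumes that lower numbers are evaluated first and that the first matching rule wins; the group names, ports and ruleset numbers are constructed.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard used by this model only

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # assumption: lower number is evaluated first
    src: str
    dst: str
    port: object    # int or ANY
    action: str     # "allow" or "deny"

    def fields(self):
        return (self.src, self.dst, self.port)

def covers(rule, target):
    """True if every field of `rule` is a wildcard or equals the target's field."""
    return all(mine in (ANY, theirs) for mine, theirs in zip(rule.fields(), target))

def flatten(policy):
    """policy: [(ruleset_priority, ruleset_name, [Rule])] -> rules in traversal order."""
    return [(name, r) for _, name, rules in sorted(policy, key=lambda rs: rs[0])
            for r in sorted(rules, key=lambda r: r.priority)]

def decide(policy, src, dst, port):
    """First match wins (assumption); returns (ruleset, rule, action)."""
    for rs_name, rule in flatten(policy):
        if covers(rule, (src, dst, port)):
            return rs_name, rule.name, rule.action
    return None, None, "deny"

def shadowed(policy):
    """Rules that can never fire because one earlier rule matches all of their traffic."""
    order, findings = flatten(policy), []
    for i, (rs_name, rule) in enumerate(order):
        for prev_rs, prev in order[:i]:
            if covers(prev, rule.fields()):
                findings.append((rs_name, rule.name, prev_rs, prev.name))
                break
    return findings

# Constructed policy: group names, ports and ruleset numbers are made up.
POLICY = [
    (2000, "compliance", [Rule("deny-legacy-to-db", 1, "legacy-vms", "emea-db", 5432, "deny")]),
    (1000, "emea-apps", [Rule("allow-any-to-db", 1, ANY, "emea-db", ANY, "allow")]),
    (9999, "Post Rules Policy List", [Rule("DefaultDenyAll", 1, ANY, ANY, ANY, "deny")]),
]

if __name__ == "__main__":
    print(decide(POLICY, "legacy-vms", "emea-db", 5432))
    print(shadowed(POLICY))
```

In this constructed policy the compliance team's deny never takes effect, because the broader allow in the earlier ruleset matches the same traffic first.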