CA API Gateway 9.1

9.4 9.1

Manage Firewall Rules

The Manage Firewall Rules task is used to manage the firewall rules that are used to control traffic flow into the . You can create, clone, edit, or remove a rule.
gateway83
The 
Manage Firewall Rules
 task is used to manage the firewall rules that are used to control traffic flow into the 
API Gateway
. You can create, clone, edit, or remove a rule.
This topic also describes how to create rules to allow the Gateway to accept traffic on lower port numbers (such as 80 or 443). This ability is not enabled by default in the factory configuration of the Gateway. 
This topic applies only to the Appliance Gateways. For Software Gateways, you manage firewall settings on the host computer. Ensure that the firewall on the host computer allows traffic on all the ports listed in Manage Firewall Rules. For a list of the ports required, consult the file
<Gateway_home>/var/firewall_rules
 on the Gateway. This file is a standard Linux firewall configuration file that can be used to automatically adjust the firewall, if you are using the Linux RHEL version of the Gateway.
Contents:
Using the Manage Firewall Rules Task
To manage firewall rules
  1. Run the Manage Listen Ports task and then click [
    Manage Firewall Rules
    ] on the Manage Listen Ports dialog. The Manage Firewall Rules dialog appears. 
  2. The following table describes each column (these are set in the firewall rule properties):
    Column
    Description
    Enabled
    Indicates whether the rule is enabled or not.
    Name
    The "friendly" name given to the rule. This name is used only for logging and display purposes.
    Protocol
    Select the transport protocol associated with the rule from the drop-down menu. The following protocols are available:
    • TCP
    • UDP
    • ICMP
       (This protocol is only available via the Advanced Properties settings.)
    Interface
    Lists the interfaces that are bound by the rule.
    Port
    The port number that is associated with the rule. The port number must be between 1 and 65535 (inclusive).
    Action
    This is the rule action. See Manage Interfaces for details.
  3. Select a task to perform:
    To...
    Do this...
    Add a new firewall rule
    1. Click [
      Create
      ].
    Clone an existing firewall rule
    1. Select the rule to clone.
    2. Click [
      Clone
      ].
    3.  Edit the Firewall Rule Properties as required.
    Remove a firewall rule
    1. Select the rule to remove.
    2. Click [
      Remove
      ].
    3. Click [
      Yes
      ] to confirm removal of the rule.
    View or edit the properties of a firewall rule
    1. Select the rule to view.
    2. Click [
      Properties
      ].
    3.  Edit the Firewall Rule Properties as required.
    Create an advanced firewall rule
    1. Click [
      Advanced Create
      ].
    2. Click [
      OK
      ]. View Firewall Rule Properties for details.
    Advanced Properties
    1. Select the rule to view.
    2. Click [
      Advanced Properties
      ]. View Firewall Rule Properties for details.
    Restore Defaults
    Click [
    Restore Defaults
    ] to restore to the default firewall rules of the
    API Gateway
     appliance.
    This option only clears the custom added rules.
    Reorder the list of rules
    Select a firewall rule and then click [
    Move Up
    ] or [
    Move Down
    ]to reorder the list of rules. The rules within each action type (Accept/Redirect/Drop) will be applied sequentially, in a top-to-bottom order. Moving the rule to the top will execute it first in the action group. Moving the rule down will make it apply later in that action group.
  4. Click [
    Close
    ].
Configuring the Gateway for Ports 80 and 443
Ports 80 and 443 are standard ports numbers for HTTP and HTTPS, but the Gateway does not accept traffic on these ports by default. The factory configuration of the Gateway uses port 8080 (for HTTP) and 8443/9443 (for HTTPS). Typically a load balancer in front of the Gateway accepts traffic on port 80 or 443 and then forwards this traffic over 8080 or 8443. When a load balancer is not possible in the workflow, you can configure the Gateway to accept the traffic itself.
To configure the Gateway to use port 80 and 443, or any low number port:
  1. Run [
    Manage Firewall Rules
    ] as described above.
  2. Click
    Create
    .
  3. Complete the
    Simple Firewall Rules Properties
     as follows:
    • Rule Name:
       Enter a name for this rule (for example, "Sample HTTPS Redirect")
    • Enable:
       Select this check box.
    • Rule Action:
      Redirect
    • Interface:
       Normally
      All
       is used, but you can assign this rule to a specific interface
    • Protocol:
      tcp
    • From Port:
       Enter the port that the Gateway listens to (for example, "443")
    • To Port:
       Enter the port to which traffic is redirected to (for example, "8443")
  4. Click
    OK
     to save the new firewall rule.
  5. Click
    Close
     to exit Manage Firewall Rule. The new rule takes effect immediately, with no Gateway restart required.

Content feedback and comments