The Forwarding Firewall ruleset contains default rules that fit most applications and services that are handled by the Barracuda CloudGen Firewall. The following table lists all Forwarding Firewall rules that are preconfigured for Cloud instances.
Default Forwarding Firewall Rules for Cloud Instances
# | Default State | Type | Name | Comment |
---|---|---|---|---|
0 | Disabled | Block | BlockATDQuarantine | Blocks infected hosts that are block-listed by ATP |
1 | Enabled | App Redirect | CLOUD-CC-MGMT-COMM | Redirects incoming Control Center management traffic on the DHCP interface to the management IP address. |
2 | Enabled | App Redirect | CLOUD-SETUP-MGMT-ACCESS | Redirects incoming management traffic on the DHCP interface to the management IP address. |
3 | Enabled | App Redirect | CLOUD-SETUP-WEBUI-MGMT-ACCESS | Redirects incoming WebUI management traffic on the DHCP interface to the management IP address. |
4 | Enabled | App Redirect | CLOUD-SERVICE-VPN-ACCESS | Redirects incoming management traffic to the WebUI on the DHCP interface to the management IP address. |
5 | Enabled | App Redirect | CLOUD-SERVICE-VPN-ACCESS-IPSEC | Redirects IPsec VPN connections to the VPN service listening on the virtual server IP address. |
6 | Disabled | App Redirect | CLOUD-LB-PROBE | Redirects probes from the load-balancer TCP port 65000 to fwauth on port 450. |
7 | Enabled | Pass | CLOUD-NET-2-INTERNET | Allows all traffic from the detected subnets of the virtual network or VPC to the Internet. |
8 | Enabled | Pass | CLOUD-NET-2-CLOUD-NET | Allows all traffic between the detected subnets of the virtual network or VPC. |
9 | Disabled | Pass | CLOUD-NET-2-VPN-SITE | Allows all traffic between the detected local cloud networks and remote networks of VPN site-to-site tunnels. |
10 | Enabled | Pass | CLOUD-NET-2-VPNCLIENTS | Allows unrestricted access for Barracuda Network Access Clients coming in through interface pvpn0 to the trusted LAN. |
11 | Enabled | Block | BLOCKALL | Blocks all IP traffic. |