Abiquo 5.4 introduces Firewall policies for Google Cloud Platform (GCP). Abiquo firewall policies are GCP Firewall rules and they belong to VPC networks (Abiquo global networks). Administrators can onboard firewalls when they onboard global networks.


To display Firewall policies in GCP, go to myCloud → Global view → select the GCP provider → Networks → Firewalls.

Unlike other providers, such as Microsoft Azure, GCP has no Firewalls tab in the Location view.

In the virtual datacenter, GCP has a Firewalls tab to give users a consistent experience, and administrators can assign a firewall to a virtual datacenter, as in all other providers.

Administrators can also enforce security policy by setting a default firewall that cloud users cannot change. Abiquo will also display a warning if a recommended firewall is not in use.

Administrators can onboard global networks (VPC networks) from GCP, which will also onboard the subnets and firewalls of the selected location. In previous versions, Abiquo created a firewall to enable users to connect to the VM, because the default configuration is to deny all traffic. If you were using previous versions of the GCP integration, Abiquo may onboard these firewalls after you upgrade.

When users configure a VM, if they have the privilege to Assign firewalls to virtual machines, Abiquo displays all firewall policies (assigned to the VDC and at the Global level). The user experience here is exactly the same as for all other providers.

Users can create a firewall policy in the myCloud view in Virtual datacenters or in the Global view. See GCP entity naming conventions for details of acceptable firewall names. Each GCP Firewall rule must have a single direction (ingress or egress) and a single type (allow or deny). You can add multiple protocols in the same firewall direction. You must also set a priority, where the default is 1000, and lower numbers have higher priority. You can also enable firewall logging.

When you add the protocols and rules, you can add multiple port values and ranges for the firewall rules.
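
The following added example (not Abiquo or GCP code) models the rule constraints described above and shows how priority decides which rule applies to an inbound connection, so you can check whether a broad deny shadows a narrower allow before you assign a policy. The `Rule` class, the function names and the sample policy are hypothetical. It assumes that only ingress is evaluated, that an empty port list means every port, and that GCP lets a deny override an allow at equal priority.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str        # one direction per rule: "ingress" or "egress"
    action: str           # one type per rule: "allow" or "deny"
    protocols: dict       # several protocols per rule, each with ports/ranges
    priority: int = 1000  # default 1000; a lower number is a higher priority

    def __post_init__(self):
        if self.direction not in ("ingress", "egress"):
            raise ValueError(f"{self.name}: direction must be ingress or egress")
        if self.action not in ("allow", "deny"):
            raise ValueError(f"{self.name}: type must be allow or deny")
        if not 0 <= self.priority <= 65535:  # GCP priority range
            raise ValueError(f"{self.name}: priority out of range")

def port_matches(specs, port):
    """Match a port against single values ("22") and ranges ("8000-8100")."""
    if not specs:  # assumption: no ports listed means every port
        return True
    for spec in specs:
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def decide_ingress(rules, protocol, port):
    """Return (action, rule name) for an inbound connection."""
    hits = [r for r in rules if r.direction == "ingress"
            and protocol in r.protocols
            and port_matches(r.protocols[protocol], port)]
    if not hits:
        return ("deny", None)  # nothing matched: default is deny
    # Lowest number wins; at equal priority GCP lets deny override allow.
    best = min(hits, key=lambda r: (r.priority, r.action != "deny"))
    return (best.action, best.name)

# Constructed sample policy (names and ports are illustrative only).
RULES = [
    Rule("allow-ssh", "ingress", "allow", {"tcp": ["22"]}),
    Rule("allow-web", "ingress", "allow", {"tcp": ["80", "443"], "udp": ["443"]}),
    Rule("deny-mgmt", "ingress", "deny", {"tcp": ["22", "8000-8100"]}, priority=900),
    Rule("allow-app", "ingress", "allow", {"tcp": ["8080"]}, priority=500),
    Rule("allow-dns", "ingress", "allow", {"udp": ["53"]}),
    Rule("deny-dns", "ingress", "deny", {"udp": ["53"]}),
    Rule("deny-out-smtp", "egress", "deny", {"tcp": ["25"]}),
]
```

In this sample, `allow-ssh` never takes effect because `deny-mgmt` covers port 22 at priority 900, while `allow-app` at priority 500 opens port 8080 inside the denied 8000-8100 range.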
