Creating the filtering policy

Go to the Configuration tab in Security policy > Filter - NAT.

The active security policy, created automatically when the SNS instance is moved, appears: slot (9) Outscale. This policy contains a rule that allows SSH access to the firewall.

Adding the rule for HTTP access to the web server

  1. Select the rule for SSH access to the firewall by clicking once.
  2. Click on New rule, then Single rule.
    An inactive rule is added immediately after the rule selected in step 1.
  3. Double-click on the new inactive rule.
    A window appears, allowing you to edit this rule.

General menu

Set the Status to On.

Action menu

  1. Select the General tab.
  2. Set the Action to pass.

Source menu

  1. Select the General tab.
  2. In the Incoming interface field, select the out interface.

Destination menu

  1. Click on the General tab.
  2. Click on Add in the Destination hosts field.
  3. Type firewall to filter hosts, then select the Firewall_out object.
  4. Select the Advanced properties tab.
  5. In the NAT on the destination > Destination field, type web to filter hosts, then select the webserver object.

Port/Protocol menu

  1. In the Destination port field, click on Add.
  2. Type http to filter ports, then select the http object.
  3. Confirm by clicking on OK.

Adding the rule for SSH access to the web server

  1. Select the rule created earlier for HTTP access to the web server by clicking once.
  2. Click on New rule, then Single rule.

    An inactive rule is added immediately after the rule selected in step 1.
  3. Double-click on the new inactive rule.

    A window appears, allowing you to edit this rule.

General menu

Set the Status to On.

Action menu

  1. Select the General tab.
  2. Set the Action to pass.

Source menu

  1. Select the General tab.
  2. In the Incoming interface field, select the out interface.

Destination menu

  1. Click on the General tab.
  2. Click on Add in the Destination hosts field.
  3. Type firewall to filter hosts, then select the Firewall_out object.
  4. Select the Advanced properties tab.
  5. In the NAT on the destination > Destination field, type web to filter hosts, then select the webserver object.

Port/Protocol menu

  1. In the Destination port field, click on Add.
  2. Type ssh to filter ports, then select the SSH-Webserver object.
  3. In the Translated destination port field, select the ssh object.
  4. Confirm by clicking on OK.

Adding the Internet access rule for protected hosts

  1. Select the rule created earlier for SSH redirection to the web server by clicking once.
  2. Click on New rule, then Single rule.
    An inactive rule is added immediately after the rule selected in step 1.
  3. Double-click on the new inactive rule.
    A window appears, allowing you to edit this rule.

General menu

Set the Status to On.

Action menu

  1. Select the General tab.
  2. Set the Action to pass.

Source menu

  1. Select the General tab.
  2. In the Incoming interface field, select the in interface.

Destination menu

  1. Click on the General tab.
  2. Click on Add in the Destination hosts field.
  3. Type inter to filter hosts, then select the Internet object.
  4. Confirm by clicking on OK.

Adding rule separators (optional)

Rule separators can be added to the filter policy to make it easier to read.

  1. Select the rule before which you want to insert a separator by clicking once.
  2. Click on New rule, then Separator – rule grouping.
    A rule separator is added immediately in front of the rule selected in step 1.
  3. Double-click on the separator.
  4. Enter text to describe each separator.

EXAMPLES
In the suggested configuration, four separators can be added. For example:

  • Administration,
  • HTTP and SSH redirection to the web server,
  • Private network to the Internet,
  • Block all.

The filter policy will then look like this: