Testing the configuration and backing it up
Now that your firewall is configured, ensure that everything is running correctly. If so, we recommend backing up the configuration of your firewall so that you can restore it whenever necessary.
Testing the configuration
If certain components are inaccessible when the configuration is finalized, check whether the malfunction relates to the configuration of your firewall. To do so:
-
Check the rules in your filter and NAT policy to identify errors, if any,
-
You can position a pass all rule at the beginning of a filter policy to test whether a rule in particular is too restrictive. Be cautious, however, as this may compromise the security of your environment while you perform your tests.
In our example, we will conduct the following tests:
-
Tests on outgoing traffic (from the DMZ to the Internet)
-
Establish an HTTP connection from the web server (Web_Documentation-Server in the example) to an external web server,
-
Look up the logs for these connections in the firewall’s administration interface in Monitoring > Logs - Audit logs > Network traffic.
-
-
Tests on incoming traffic (from the Internet to the DMZ)
-
Establish a web connection from a host located outside the Microsoft Azure infrastructure to the index.htm page of the virtual web server,
-
Look up the logs for established connections as well as NAT operations in the firewall’s administration interface in Monitoring > Logs - Audit logs > Network traffic.
-
Backing up the configuration
Back up the firewall’s configuration manually in Configuration > System > Maintenance, Backup tab. Enable automatic backups of its configuration in this module.
For more information, refer to the chapter on Maintenance in the SNS user manual.