
Wednesday, 14 October 2015

Managed Firewall for Cloud Servers.

Almost a month ago, through the ticket system, we invited all of our customers who use our colocation and dedicated server rental services to take part in a closed test of our new service, "Managed Firewall for Cloud Servers". Now we are ready to offer this service for public use.

What is it?

Managed Firewall for Cloud Servers is a service that provides a secure Internet channel with a managed firewall. The main objective of the service is to monitor and filter the network packets passing through it according to defined policies and screen options.

Billing

We have tried to simplify billing: accounting is reduced to just one parameter, the capacity of the protected bandwidth. The firewall capacity can be increased in steps of 5 Mbit/s.

Activate the Service

To start using the service, you need to have at least one dedicated subnet for servers in the data centers and pay for the protected bandwidth to the extent necessary.

The protected bandwidth is an independent resource and can be attached to any subnet available to you (paid, PI URLs). Moving a subnet from the unprotected network behind the firewall is done manually at a time agreed in advance; the subnet transfer takes about 1 minute.

Changing Bandwidth

After activating the service, you can change the firewall throughput of the protected bandwidth "on the fly" through the control panel. If you change (increase or decrease) the capacity of the protected strip missing.

Beginning of Work

By default, traffic protection is disabled: traffic already passes through the firewall, but no action is applied to it. After you pay for the firewall service and the subnet is transferred under protection, you get access to the firewall control panel. It shows a graph of protected bandwidth utilization and a chart with counters of "bad" traffic, as well as tabs for managing the configuration of policies and screen options for traffic validation.

The Traffic Validation Process

First, the packet is checked for membership in an existing session. If the packet does not belong to any existing session, it is checked by the screen and then runs through the policy chain; if no anomalies were found, the packet is delivered to the destination address. If the packet belongs to an existing session, it goes straight to the anomaly check in the screen, without passing through the policy chain, and is then delivered to the destination address. Policies can be set in both directions, inbound and outbound. The screen checks all traffic passing through the firewall, regardless of its direction. A unidirectional policy does not mean that you have to configure a permission for the response from the destination, since the session is split into two directions.
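
The validation order described above, as a small model added here for illustration (it is not the service's own code). The Packet and Firewall names, the two screen checks (SYN+FIN, port 0), the default-deny fallback and all addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    direction: str                 # "inbound" or "outbound"
    flags: frozenset = frozenset() # TCP flags, e.g. {"SYN"}

def screen_ok(pkt):
    # Constructed stand-in for the screen: reject SYN+FIN and port 0.
    if {"SYN", "FIN"} <= pkt.flags:
        return False
    return pkt.sport != 0 and pkt.dport != 0

class Firewall:
    def __init__(self, policies):
        self.policies = policies   # ordered chain of (direction, dport, action)
        self.sessions = set()      # both directions of each permitted flow

    def process(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.sessions:
            # Existing session: screen only, policy chain is skipped.
            return "deliver" if screen_ok(pkt) else "drop:screen"
        if not screen_ok(pkt):
            return "drop:screen"
        for direction, dport, action in self.policies:
            if (direction, dport) == (pkt.direction, pkt.dport):
                if action != "permit":
                    return "drop:policy"
                # Record the flow and its reverse so replies match a session.
                self.sessions.add(key)
                self.sessions.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
                return "deliver"
        return "drop:policy"       # assumption: default deny

def demo():
    fw = Firewall([("inbound", 443, "permit")])
    client, server = "198.51.100.7", "203.0.113.10"  # constructed addresses
    return [
        fw.process(Packet(client, server, 40000, 443, "inbound", frozenset({"SYN"}))),
        fw.process(Packet(server, client, 443, 40000, "outbound", frozenset({"SYN", "ACK"}))),
        fw.process(Packet(server, client, 50000, 25, "outbound", frozenset({"SYN"}))),
        fw.process(Packet(client, server, 40000, 443, "inbound", frozenset({"SYN", "FIN"}))),
    ]

if __name__ == "__main__":
    print(demo())
```

The second packet is delivered with only an inbound policy configured, and the fourth is dropped by the screen even though it belongs to an established session.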