Creating Intra Data Center Firewall Policies - Hybrid Cloud and IT Solutions

Sign in

Sign in Language
Home
Products
- Lumen Edge Services New
  - Lumen Edge Services Accelerate data and applications for next-gen workloads via ultra-low latency connectivity and distributed compute.
  - Lumen Edge Bare Metal Dedicated on-demand physical servers that are ideal for compute-intensive workloads that require low-latency.
- Cloud Management
  - Cloud Management Cloud management options meeting a full spectrum of needs. From fully-managed by Lumen to self-service by the customer, as appropriate for the workload.
  - Managed Services Anywhere Simplified governance, faster application delivery and lower costs, powered by Cloud Application Manager.
  - Advanced Managed Services Access experienced professionals to architect, optimize and elevate operational governance for Hybrid IT environments.
  - Cloud Application Manager An automation platform for cloud orchestration and application management.
- Platforms
  - Platforms Build out simple or complex solutions from your choice of Hybrid IT Platforms, suitable for everything from DevOps and Testing Environments to Enterprise Computing.
  - Lumen Public Cloud Create highly-configurable virtual servers and pay only for what you use.
  - Lumen Private Cloud A private cloud built to deliver a completely integrated hyperconverged infrastructure.
  - Cloud Application Manager An automation platform for cloud orchestration and application management.
- Servers
  - Servers Embark on a hybrid IT journey with your choice of Public Cloud, Bare Metal and Private Cloud Servers.
  - Bare Metal Servers Physical servers with the flexibility and control of virtual machines.
  - Private Cloud Servers Benefit from the flexibility of the cloud, with the security and single-tenancy of a private environment.
- Storage & Backup
  - Storage & Backup Everything you need to support your cloud storage and business continuity requirements.
  - Lumen Network Storage New Physically implemented storage nodes located throughout the network, enabling real-time data action at the Edge.
  - Simple Backup Service Protect your critical data anywhere with configurable, reliable, file-level backup.
  - Object Storage Store and manage your files in a highly available repository.
  - Lumen Cloud Block Storage Protect your workload with a flexible SAN-based storage option featuring built-in disaster recovery.
- Networking
  - Content Delivery Network Maximize performance and user experience when high performance is essential.
  - Compare Our CDN Options Get an improved user experience for websites and cloud applications, when high performance is essential.
  - Lumen CDN Reliable, secure, high-performing content delivery.
  - Mesh Delivery For businesses that demand scalable and reliable video delivery.
  - CDN Edge Compute Full page performance improvement.
  - CDN Load Balancer CDN Orchestrator is a dynamic multi-CDN load balancer for video streaming.
  - Networking Increased reliability and faster performance in the cloud and across Hybrid IT environments.
  - Lumen Cloud Load Balancer Keep applications online and traffic flowing evenly on Lumen Cloud.
  - Lumen Cloud Firewall Secure your Lumen Cloud infrastructure with a dedicated, customizable firewall.
  - Lumen Cloud Direct Connect Establish a fast, low-latency connection from a company network to Lumen Cloud data centers.
  - Lumen Cloud VPN Create a secure network connection over your Lumen Cloud public or private network.
  - Lumen Cloud DNS Host and manage your custom DNS zones in Lumen Cloud.
- Security
- Managed Services
- Application Services
  - Application Services Manage and provision faster and more efficiently.
  - Database
  - Relational DB MySQL-Compatible A MySQL-compatible database as a service instance.
  - Relational DB for Microsoft SQL A Microsoft SQL database as a service instance.
  - Services
  - Application Lifecycle Management Modeling, deployment and orchestration for the entire application lifecycle.
  - Security Managed options layered to defend Cloud/Hosting workloads.
Pricing
- Online Estimator Calculate your monthly Hybrid IT costs using our price estimator.
- Pricing Catalog Our pricing model is simple: pay only for what you use.
For Developers
Resources
Knowledge Base
Support

CONTACT General: 1.877.388.4373 Support: 1.888.638.6771

Submit Support Request

Submit Support Request

Subscribe to Lumen Cloud Knowledge Base

Creating Intra Data Center Firewall Policies

Updated by Chris Little on Jun 22, 2018
Article Code: kb/873

Overview

The Lumen Cloud Platform provides self-service tools to connect networks within a particular data center ("intra data center") through the use of configurable firewall policies. This is useful when a customer has multiple networks (vlans) within a particular account, or has a range of sub-accounts with their own vlans, and wants to selectively choose the traffic that can flow among them.

Connecting Networks within a Single Account

Create network VLAN(s) in the respective Lumen Cloud Data Center. We recommend applying friendly names to Networks.
Validate the networks are in place in your Lumen Cloud account using the Networks menu item and selecting the appropriate Data Center. In the sample below, a Web Services & Database Services VLAN exists in UC1.
Create Virtual Instances within the appropriate network (VLAN). In this example, we have created (2) VM's as follows:

Web VM (IP 10.120.68.15) in Web Services 10.120.68.50/24 Network (VLAN)

DB VM (IP 10.120.69.12) in Database Services 10.120.69.0/24 Network (VLAN)

OPTIONAL: Perform a test ICMP ping between the web server & database server. This test should fail as no Firewall Rule is in place between networks in UC1.
Using the left side navigation bar, click on Network > Firewall.
Select the desired Lumen Cloud Data Center node you wish to create an Firewall rule. Next, choose to the Intra Data Center tab. In this example, we used UC1.
Choose Add Policy, Add Source Address.
Select the appropriate source network followed by the subnet size. Customers can choose to do an entire network (VLAN), CIDR blocks or individual IPs in the rule set. In this example, we are choosing the Web Services (10.120.68.0/24) network and the individual Web VM (10.120.68.15) for this rule set.
Choose Add Destination Address. Select the appropriate destination network followed by the subnet size. Customers can choose to do an entire network (VLAN), CIDR blocks or individual IPs in the rule set. In this example, we are choosing the Database Services (10.120.69.0/24) network and the individual DB VM (10.120.69.12) for this rule set.
Select Add Ports. Customers can choose from predefined TCP ports (any, FTP, FTPS, HTTP, HTTPS, PING, SSH, RDP), Custom TCP or UDP ports and Custom TCP or UDP port ranges all within the same rule set. For demonstration purposes, we are simply opening PING. Choose Ok.
Once complete, press the Save button. Your new Intra Data Center Rule will take less than 60 seconds to process in the Queue. You can review its progress using the Queue Menu item.
Confirm the Intra Data Center Firewall Policy is functional by performing another ICMP Ping test between virtual instances located in the (2) networks. In this example, we are able to ping from the Web VM (10.120.68.15) to the DB VM (10.120.69.12).

Connecting Networks Across a Parent & Sub-Account Hierarchy

Create the appropriate Parent & Sub-Account Hierarchy. Refer to the Account Hierarchy Primer for more information.
Create network VLAN(s) in the respective Lumen Cloud Data Center and Accounts. We recommend applying friendly names to Networks.
Validate the networks are in place in your Lumen Cloud accounts using the Networks menu item and selecting the appropriate Data Center. In the sample below, a Parent Web Services network & a Sub-Account DB VLAN exists in UC1 under unique Accounts.
Create Virtual Instances within the appropriate network (VLAN). In this example, we have created (2) VMs as follows

Web VM (IP 10.120.68.15) in Web Services 10.120.68.50/24 Network (VLAN)

DB VM (IP 10.122.171.12) in Sub-Account DB 10.122.171.0/24 Network (VLAN)

OPTIONAL: Perform a test ICMP ping between the web server (parent account) & database server (sub-account). This test should fail as no Firewall Rule is in place between these networks in UC1.
Using the left side navigation bar, click on Network > Firewall.
Select the desired Lumen Cloud Data Center node you wish to create an Firewall rule. Next, choose to the Intra Data Center tab and change the destination account to the appropriate sub-account. In this example, in UC1 we chose a Sandbox Sub Account.
Choose Add Policy, Add Source Address.
Select the appropriate source network followed by the subnet size. Customers can choose to do an entire network (VLAN), CIDR blocks or individual IPs in the rule set. In this example, we are choosing the Web Services (10.120.68.0/24) network and the individual Web VM (10.120.68.15) for this rule set.
Choose Add Destination Address. Select the appropriate destination network followed by the subnet size. Customers can choose to do an entire network (VLAN), CIDR blocks or individual IPs in the rule set. In this example, we are choosing the Sub-Account DB (10.122.171.0/24) network and the individual DB VM (10.122.171.12) for this rule set.
Select Add Ports. Customers can choose from predefined TCP ports (any, FTP, FTPS, HTTP, HTTPS, PING, SSH, RDP), Custom TCP or UDP ports and Custom TCP or UDP port ranges all within the same rule set. For demonstration purposes, we are simply opening PING. Choose Ok.
Once complete, press the Save button. Your new Intra Data Center Rule will take less than 60 seconds to process in the Queue. You can review its progress using the Queue Menu item.
Confirm the Intra Data Center Firewall Policy is functional by performing another ICMP Ping test between virtual instances located in the (2) networks. In this example, we are able to ping from the Web VM (10.120.68.15) to the DB VM (10.122.171.12).