This presentation contains an overview of GoGrid's new (free) firewall service and how to create, enable and manage the service. This easy-to-use firewall protects all GoGrid cloud servers across multiple GoGrid data centers worldwide with automatic replication. The GoGrid Firewall is part of GoGrid's Cloud Infrastructure service and is built upon our Software Defined Networking (SDN) architecture. More information can be found at: http://j.mp/11STp9w
How To Enable and Manage GoGrid's (free) Firewall Service
1. How To Enable & Manage the GoGrid Firewall Service
2. About GoGrid
GoGrid’s cloud hosting platform provides:
Automated provisioning of infrastructure over the Internet
Deploy and scale virtual (cloud) and physical servers, storage, networking, load
balancing, and firewalls in real time across multiple data centers using GoGrid’s
web-based management console or API.
Instant access to highly available, multi-server environments
Access and operate using standard network protocols and IP addresses—no new
technical skills or specialized equipment required.
3. About GoGrid’s Firewall Service
GoGrid offers all customers an elastic, self-healing Firewall Service
to protect their servers free of charge.
Central management: Manage your policies from GoGrid’s management
console or via our RESTful API.
Fully featured: Define inbound and outbound policies. Dynamically edit or
move connections to a Security Group.
Easy to use: Predefined Security Groups make using the service quick and easy.
Global Security Groups: Define once, then synchronize across all GoGrid data
centers so the policies you define can be applied globally.
Highly available: Designed to instantly recover from failure.
Fully integrated: Use the firewall in conjunction with other GoGrid services.
More details at:
www.gogrid.com/products/infrastructure-firewall
4. Components of GoGrid’s Firewall Service
3 components to GoGrid’s Firewall Service
1. Security Group
2. Policy
3. Connection
Security Group
Global – not tied to a particular data center
Single-purpose – create Security Groups for specific groups of similar servers (e.g., web or
database)
Copy/Edit/Disable/Delete – full control over the management of Security Groups
Default Security Groups – use to create custom Security Groups (can’t edit or delete, only copy)
• Core – blocks all inbound traffic except pings, but can communicate with other servers in the
same Security Groups
• Block All – most restrictive: blocks all inbound & outbound traffic (good for locking down a
server)
• Linux Web – use for Linux-based web servers; opens ports 80 & 443 (HTTP/S) and 22 (SSH)
• Windows Web – use for Windows-based web servers; opens ports 80 & 443 (HTTP/S) and
3389 (RDP)
5. Components of GoGrid’s Firewall Service (cont.)
Policy
Governs the behavior of the Firewall
By default, the Firewall drops all traffic
Transport Protocol
• TCP (HTTP/web traffic)
• UDP (DNS-type traffic)
• ICMP (Ping)
Policy Direction
• Each policy must have a direction – Inbound, Outbound, or Any (both directions)
Address
• For each policy, you can specify particular IP addresses:
• 0.0.0.0/0 or Any – any IP address
• Self – any server connected to this Security Group
• Any server in the specified Security Group
• A specific IP address – such as 50.145.33.17
• A specific subnet – such as 50.145.33.1/24
Connections (Servers)
A Connection is a server and an interface
Connections are local (for a particular data center), but policies are global
Only one Security Group per connection
6. 3 Steps to Enable & Manage GoGrid’s Firewall Service
7. Steps to Enable GoGrid’s Firewall Service
1. Create a Security Group
2. Define a Policy
3. Add a Connection
9. #1 – About Security Groups
Security Group
Global – not tied to a particular data center
Single-purpose – create Security Groups for specific
groups of similar servers (e.g., web or database)
Copy/Edit/Disable/Delete – full control over the
management of Security Groups
Default Security Groups – use to create custom
Security Groups (can’t edit or delete, only copy)
• Core – blocks all inbound traffic except pings, but can
communicate with other servers in the same Security
Groups
• Block All – most restrictive: blocks all inbound &
outbound traffic (good for locking down a server)
• Linux Web – use for Linux-based web servers; opens
ports 80 & 443 (HTTP/S) and 22 (SSH)
• Windows Web – use for Windows-based web
servers; opens ports 80 & 443 (HTTP/S) and 3389
(RDP)
12. #1 – Security Groups
Default Security Groups:
Default Block All
Default Core
Default Linux Web
Default Windows Web
Select Default Security Group
Click “Clone” to copy
13. #1 – Add Details to Security Group
Add Details
14. #1 – Click “Save” to Create Security Group
Once saved, the Security Group replicates across all available GoGrid
data centers within seconds
Replication
16. #2 – About Policies
Policy
Governs the behavior of the Firewall
By default, the Firewall drops all traffic
Transport Protocol
• TCP (HTTP/web traffic)
• UDP (DNS-type traffic)
• ICMP (Ping)
Policy Direction
• Each policy must have a direction – Inbound, Outbound, or Any (both directions)
Address
• For each policy, you can specify particular IP addresses:
o 0.0.0.0/0 or Any – any IP address
o Self – any server connected to this Security Group
o Any server in the specified Security Group
o A specific IP address – such as 50.145.33.17
o A specific subnet – such as 50.145.33.1/24
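Added example (not GoGrid code and not its API): a small Python model of the policy fields on this slide, showing how default-drop evaluation works with the Any, Self, Security Group, IP address and subnet address types. The "group:<name>" notation, the port field, the group names and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    protocol: str                # "tcp", "udp" or "icmp"
    direction: str               # "inbound", "outbound" or "any"
    address: str                 # "any", "self", "group:<name>", an IP or a subnet
    port: Optional[int] = None   # assumed field; None = not port-specific (ICMP)

def address_matches(spec, peer_ip, own_group, groups):
    """True if peer_ip falls under the policy's address field."""
    peer = ipaddress.ip_address(peer_ip)   # rejects malformed input early
    if spec.lower() in ("any", "0.0.0.0/0"):
        return True
    if spec.lower() == "self":             # servers connected to the same group
        return peer_ip in groups.get(own_group, set())
    if spec.startswith("group:"):          # servers in another named group
        return peer_ip in groups.get(spec[len("group:"):], set())
    # strict=False accepts a subnet written with host bits set, such as
    # 50.145.33.1/24, and evaluates it as the network 50.145.33.0/24.
    return peer in ipaddress.ip_network(spec, strict=False)

def allowed(policies, own_group, groups, direction, protocol, peer_ip, port=None):
    """Default drop: traffic passes only if at least one policy matches it."""
    for p in policies:
        if p.protocol != protocol:
            continue
        if p.direction not in ("any", direction):
            continue
        if p.port is not None and p.port != port:
            continue
        if address_matches(p.address, peer_ip, own_group, groups):
            return True
    return False

# Constructed sample data: group membership and a custom web-server policy set
GROUPS = {"web": {"10.0.0.5", "10.0.0.6"}, "db": {"10.0.1.9"}}
WEB_POLICIES = [
    Policy("tcp", "inbound", "any", 80),
    Policy("tcp", "inbound", "any", 443),
    Policy("tcp", "inbound", "50.145.33.1/24", 22),  # SSH from one subnet only
    Policy("icmp", "inbound", "self"),               # ping from group peers
    Policy("tcp", "outbound", "group:db", 5432),     # web tier to database tier
]
```

Restricting the SSH policy to a subnet rather than Any is the kind of change a cloned default group allows; everything not matched by a policy is dropped.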
17. #2 – Select a Security Group & Click “Edit”
Policies
22. #3 – About Connections
Connections (Servers)
A Connection is a server and an interface
Connections are local (for a particular data center), but policies are global
Only one Security Group per connection
23. #3 – Click on “Connection” Link in “Networking” Tab
24. #3 – Click “Add” to Add a New Connection
Click “Add”
Select “Data Center”
Enter Details & Select
Server & Security Group
25. #3 – Click “Save” to Create the Connection
“Active” Connections will be displayed