Page tree

Step 1: Create an IP Group

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security

  2. Click Firewall

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.  

  4. Click IP Groups
  5. Click Actions, and then click New Group
  6. In IP Group Name, enter a descriptive name. 
    • Armor recommends that you add Source or Destination into the name of the IP Group to help you identify the IP Group as the Source or Destination IP group. 
  7. In Add Members To Group, enter a member, and then click the plus icon.
    • You can enter:
      • A single IP address
      • A range of IP addresses
      • CIDR
    • You must add at least one member. 
    • You can add multiple members to a service group. 
  8. Click Apply
    • The newly created IP group will appear at the bottom of the table. 


Step 2: Create a Service Group

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security

  2. Click Firewall

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.  

  4. Click Service Groups
  5. Click Actions, and then click New Group.  
  6. In Service Group Name, enter a descriptive name. 
  7. In Add Members To Group, enter the service or sub-protocol, and then click the plus ( + ) icon. 
    • You must add at least one member. 
    • You can add multiple members to a service group. 
      Service or sub-protocolNotesExample
      Services (TCP, UDP, etc.)

      You must enter a port number.

      These services are not case-sensitive.

      • tcp/80
      • TCP/80
      • Tcp/80
      • tCp/80
      Additional services (AARP, AH, etc.)

      These additional services are not case-sensitive.

      Do not enter a port number with these additional services.

      • ATALK
      • igmp
      • Gre
      Sub-protocols (echo-reply, redirect, etc.)

      You must enter icmp, followed by the specific sub-protocol.

      You must enter the sub-protocol in lower-case letters.

      Do not enter a port number.

      • icmp/source-host-isolated
      • icmp/time-exceeded
  8. Click Apply
    • The newly created service group will appear at the bottom of the table. 

For a complete list of supported services and sub-protocol, see Review supported services and sub-protocols.


Step 3: Create a firewall rule 

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security

  2. Click Firewall

  3. If you have virtual machines in various data centers, then in the top menu, click the corresponding data center. 

  4. Click Actions, and then click New Rule

    • If you do not see Actions, then click Create a Firewall Rule
  5. In Name, enter a descriptive name. 
  6. In Action, select Allow to allow specified traffic to access your virtual machine or Block to block specified traffic. 
  7. Under Service, enter and select the name of the desired Service Group.
  8. Under Source, enter and select the name of the desired IP Group.
  9. Under Destinations, in the field, enter and select the name of the desired IP Group.
  10. Click Save Rule

After you create a rule, Armor recommends that you place the rule in the correct order.

To reorder a rule:

  1. Under Rule, in the numbered fields, enter a number to move the rule to a different position. 
    • If you have more than 25 rules, the additional rules will be placed in a secondary section within the Firewall screen. To reorder and move these additional rules into a higher position, enter a number under the Order column, and then press Enter on your keyboard. 
  2. In the top menu that appears,  click Save.

If you are not familiar with ordering rules, contact Armor Support to help you properly order your firewall rules. It is extremely important to order rules in order to receive desired traffic.

To learn how to send a support ticket, see Support Tickets.

To disable a rule:

  1. Locate and hover over the desired rule.
  2. Click the vertical ellipses.
  3. Click Disable Rule.
  4. Click Disable Rule again.
  5. In the top menu that appears, click Save.