Firewall as a Service
IBEE Solutions Firewalls let you define inbound traffic rules and attach them to your VMs. Each firewall group contains a set of rules that control which traffic is allowed or dropped before it reaches your server. Firewalls are managed from the portal sidebar under Network.
How firewalls work
- A firewall group is a named collection of rules. Each organization has a default firewall group.
- Rules are evaluated in order. Each rule specifies a protocol, port range, source, and action (accept or drop).
- Firewall groups can be attached to multiple VMs. A VM can have one firewall group at a time.
- Rules support both IPv4 and IPv6 traffic, managed in separate tabs.
Firewall group structure
Each firewall group has three tabs:
Rule components
Each rule has the following fields:
Common application ports
The portal offers quick-pick buttons for common services:
System-managed rules
Some rules are system-managed and cannot be edited or deleted. These are marked in the rule list and ensure essential connectivity (e.g., DHCP, metadata service).
Default firewall group
Each organization has a default firewall group. New VMs are automatically associated with it unless you specify a different group during deployment.
Linked instances
The Instances tab shows all VMs attached to the firewall group, including:
- Instance name
- Status (running, stopped, etc.)
- IP addresses
- OS label
Best practices
- Start with a deny-all posture and explicitly allow only the ports you need.
- Use Custom source CIDRs to restrict access to known IP ranges instead of Anywhere.
- Keep SSH (port 22) access restricted to your office or VPN CIDR.
- Review attached instances periodically to ensure the right VMs are protected.
