Configuring Firewall Settings

Note: During the editing of firewall configuration settings, if an attempt is made to leave the Firewall Configuration Menu screen with unsaved changes, you are presented with the options to save changes and exit, exit without saving changes, or to return to the Firewall Configuration Menu screen to continue.
Note: When all firewall configuration setting changes are completed, be sure to use Save and Apply Configuration from the Firewall Configuration Menu screen to commit the changes made to the firewall configuration files and restart the firewall.

To configure firewall settings:

  1. Log in to the platcfg utility using one of two methods, either from the system console using root or through an SSH remote session using admusr.
    • To access the platcfg utility from the system console:
      1. Log in as root.
      2. Enter su - platcfg.
    • To access the platcfg utility through an SSH remote session:
      1. Log in as admusr.
      2. Enter sudo su - platcfg.

    Note: The dash (-) is required in the su - platcfg or the sudo su - platcfg command to ensure proper permissions.

  2. Select Policy Configuration from the Main Menu screen and press Enter.
  3. Select Firewall from the Policy Configuration Menu screen, and press Enter.
  4. Select Enable/Disable Firewall from the Firewall Configuration Menu screen and press Enter.
  5. Select Edit from the Firewall Status screen and press Enter.
  6. To enable the IPv4 or IPv6 firewall, select Enable iptables or Enable ip6tables from the list of interfaces on the Enable/Disable Firewall Features Menu screen and press Enter.
  7. When prompted to continue, select Yes from the Enable iptables? screen or other appropriate dialog screen that opens and press Enter.
  8. (Optional) To open additional ports in the firewall, select Enable Custom Rules from the Enable/Disable Firewall Features Menu screen.
  9. Select Yes from the Enable custom rules? screen to confirm that custom rules are to be enabled or select No to cancel.
  10. To set custom rules to be used instead of default firewall rules, select Enable custom prefer from the Enable/Disable Firewall Features Menu screen.

    If a custom rule conflicts with a default rule, the default rule is used, but the default rule can be overridden if the custom prefer option is enabled. Rules conflict if they have matching protocols (TCP, UDP) and ports (80, 443, etc.).

  11. Select Yes from the Enable custom prefer feature? screen to confirm custom rules are to be preferred over default rules or select No to cancel.
  12. To add, edit, or delete custom firewall rules, select Customize Firewall from the Firewall Configuration Menu screen and press Enter.
  13. Select Edit from the Firewall Custom Rules screen and press Enter.
  14. To add a new rule or edit an existing rule, select Add Rule or Edit Rule from the Connection Action Menu screen and press Enter.
  15. Enter information to customize the firewall rule, then select OK and press Enter.

    Note: The term All indicates open access to any interface, for example: PMAC, REP, OAM, SIG-A, SIG-B, and SIG-C.

  16. Enter field values, select OK and press Enter.

    Note: If you are configuring a CMP server that has an optional Ethernet Mezzanine card 2, you will see the additional interface BKUP available for editing. This interface is dedicated to perform remote archive activities for CMP backup operations. BKUP is included if ALL is selected for Interface on the Customize Firewall screen.
    Note: The REP network selection will be available for editing in the Interface screen only for c-Class MPE and MRA devices if a static IP is set in the topology for MPE and MRA devices. The REP selection will not be available for editing for a CMP server or any other Policy Management server.

  17. To delete an existing custom rule, select Delete Rule from the Connection Action Menu screen and press Enter.
  18. Select the rule to be deleted from the Select Rule Menu and press Enter.
  19. When all editing is complete, save and apply the changes to the system:
    1. If not at the Firewall Configuration Menu screen, select Exit to return to the Firewall Configuration Menu screen.
    2. Select Save and Apply Configuration from the Firewall Configuration Menu screen and press Enter to save all changes.

      A dialog box will open to confirm that the request to apply the changes is successful.
      Note: During the editing of firewall configuration settings, if an attempt is made to leave the Firewall Configuration Menu screen with unsaved changes, you are presented with a screen where you can save changes and exit, exit without saving changes, or return to the Firewall Configuration Menu to continue.
      Note: When all firewall configuration setting changes are completed, be sure to use menu item Save and Apply Configuration from the Firewall Configuration Menu screen to commit the changes made to the firewall configuration files and restart the firewall.
      Note: In the preceding configuration steps, the term All indicates open access to any interface, for example: PMAC, REP, OAM, SIG-A, and SIG-B.
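
The conflict rule described under step 10 (same protocol and port; the default rule wins unless custom prefer is enabled) can be checked against a planned rule set before it is entered in platcfg. This is an added example, not platcfg code or output: the Rule fields, the resolve function, and the sample rules are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str        # hypothetical label for the rule
    protocol: str    # "tcp" or "udp"
    port: int
    interface: str   # e.g. "OAM", "SIG-A", or "All"
    source: str      # "default" or "custom"

def conflict_key(rule):
    # Per the page, rules conflict when protocol and port both match.
    return (rule.protocol.lower(), rule.port)

def resolve(default_rules, custom_rules, custom_rules_enabled, custom_prefer):
    """Return (effective_rules, conflicts) under the precedence the page describes.

    conflicts is a list of (default_rule, custom_rule, winning_source).
    """
    effective = {conflict_key(r): r for r in default_rules}
    conflicts = []
    if not custom_rules_enabled:
        return sorted(effective.values(), key=conflict_key), conflicts
    for rule in custom_rules:
        key = conflict_key(rule)
        current = effective.get(key)
        if current is not None and current.source == "default":
            winner = rule if custom_prefer else current
            conflicts.append((current, rule, winner.source))
            effective[key] = winner
        else:
            effective[key] = rule
    return sorted(effective.values(), key=conflict_key), conflicts

# Constructed sample rules; real default rules depend on the server type.
DEFAULT_RULES = [
    Rule("ssh", "tcp", 22, "OAM", "default"),
    Rule("https", "tcp", 443, "OAM", "default"),
]
CUSTOM_RULES = [
    Rule("https-all", "tcp", 443, "All", "custom"),  # conflicts with "https"
    Rule("snmp", "udp", 161, "OAM", "custom"),       # no conflict
]

if __name__ == "__main__":
    for prefer in (False, True):
        rules, conflicts = resolve(DEFAULT_RULES, CUSTOM_RULES, True, prefer)
        print(f"custom prefer={prefer}")
        for r in rules:
            print(f"  {r.protocol}/{r.port} on {r.interface} ({r.source}: {r.name})")
        for d, c, won in conflicts:
            print(f"  conflict: {d.name} vs {c.name} -> {won} rule used")
```

Any conflict in which the winning rule uses interface All is worth reviewing before custom prefer is enabled, since All opens the port on every interface.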