Viewing Recommended Firewall Rules

On the Security Planning page, when you click the wedge or the edge in the Micro-Segments topology diagram, you can view the list of the services, flows, and recommended firewall rules for that particular segment. Click Recommended Firewall Rules to view the rules defined on it. The members of the source or the destination are listed under the following types of rules:
  • Physical to Physical: This tab lists all the rules associated with the physical and Internet IPs. The rules can be for physical-physical, physical-Internet, Internet-physical, or Internet-Internet entities.
  • Virtual: This tab lists all rules where at least one of the endpoints is a VM.
Figure: The Services and Flows page displaying a list of the services and flows for web.
For each firewall rule, the following details are available:
  • Show members of the group: Click the + sign next to the name of the entity to see the members of the group.
    Figure: The Services and Flows page displaying the recommended firewall rules and entities associated with the firewall rules.
    • The members are not shown for the groups belonging to the Internet category.
    • If a security group has both virtual and physical IPs, the physical and the Internet IPs are not shown in the list of the members of that particular group.
    • The member Kubernetes services are shown under the Kubernetes Services tab.
    • If the member count or the entry is zero for Virtual Machine, Physical & Internet IPs, or Kubernetes Services, the tab is not visible.
  • Source
  • Destination
  • Services
  • Protocols
  • Action
  • Related Flows: Click the number of the related flows to see the list of flows with the corresponding flow information.
  • View Applied Firewall Rules: Click the + sign next to the Related Flows column to view the applied firewall rules corresponding to the similar sets of flows.
    Figure: The Services and Flows page displaying the + sign next to the Related Flows column to view the applied firewall rules.
You can export the recommended rules as XML or CSV based on your requirement.
You can also export recommended rules related to Kubernetes objects in the YAML format.
Refer to Exporting Rules for more information on these artifacts.

Recommended Firewall Rule to Secure Vulnerable OS

Use the following procedure to get the recommended firewall rules to secure a vulnerable OS:
  1. Go to Applications > All Applications > Add.
  2. In the Add Application page, do the following actions:
    • Application Name: Type a name for the application.
    • Tier / Deployment:
      • Provide a unique name for the tier.
      • In the Member drop-down, select Custom VM Search and, in the Search your application environment text box, add the following condition. In the qualifier, put the matching criteria as:
        Operating System like 'Microsoft Windows Server 2003' or Operating System like 'Microsoft Windows Server 2008' or Operating System like 'Red Hat Enterprise Linux 6' or Operating System like 'Red Hat Enterprise Linux 5' or Operating System like 'SUSE Linux Enterprise 10'
  3. Click Save.
  4. Go to Plan & Assess > Security Planning.
  5. In the Scope drop-down, select Application and the name of the application you created.
  6. In the Duration drop-down, select Last 7 days.
  7. To get the recommended firewall rules, click Analyze.