How to deploy Firewall-as-a-Service in OpenStack

21.08.2024

What is OpenStack FWaaS (Firewall-as-a-Service)?

OpenStack FWaaS (Firewall-as-a-Service) provides security and traffic control in cloud networks. Its features include:

  • Network security: FWaaS filters traffic, blocks unwanted connections and prevents unauthorised access to resources.
  • Access management: lets you configure rules that restrict or allow access to specific services and ports.
  • Security compliance: enables organisations to meet security standards by regulating traffic and enforcing security policies.
  • Monitoring and analysis: provides traffic monitoring and analysis capabilities to identify potential threats and attacks.
  • Flexibility and scalability: allows you to adapt rules and policies to different needs and scale your infrastructure as your business grows.

Overall, OpenStack FWaaS provides the necessary level of protection and network management in a cloud environment, making it a critical component in ensuring the security and efficient operation of cloud infrastructures.

How to create rules in OpenStack FWaaS

Rules in OpenStack FWaaS (firewall-as-a-service) are configured in the Horizon dashboard.

To learn how to log in and work with the Horizon dashboard, read the article "How to create a virtual server in the Horizon Openstack control panel".

1. Log in to Horizon, go to the "Network" section and select the "Firewall Groups" tab


A window with three tabs will open:

  • Firewall Rules:
    Displays current firewall rules and allows you to create, edit and delete rules.
  • Firewall Policies:
    This section contains firewall policies that define the rules to be applied to network objects.
  • Firewall Groups:
    Create and manage groups of network objects to which specific firewall policies are applied.


2. Go to the "Add Rule" tab and create a rule.

In our case, we will block access to port 80.

Fill in the form:

  • Rule name - port_80_vm1
  • Protocol - TCP
  • Action - DENY
  • Port(s) - 80
  • IP version - 4
  • Check the box Enabled




3. Create a firewall group.

Firewall groups in OpenStack FWaaS provide convenient and flexible management of firewall rules for different network objects, simplifying their configuration, management and updates.

To create a firewall group, go to the Groups tab.

Enter the group name and then click the "Add" button



4. Assign policies to the groups.

Policies in OpenStack FWaaS provide centralised management of firewall rule sets, simplify the grouping and application of rules to network objects, and provide flexibility, scalability and ease of network security management in the cloud infrastructure.

They specify sets of rules for managing network traffic. These rules determine what traffic is allowed and denied, and what actions should be taken on network packets according to security requirements.

To create policies, go to the Policy tab.

4.1 Enter the policy name and a brief description, then click the "ADD" button:




4.2 The Policy tab opens for selecting rules for the policy. Select the required rule.



5. On the Firewall Group tab, add the port to which the rule will be applied

In the drop-down list of the group row, select "Add Port".




In the window that opens, select the required port: R1 (router).




6. Add a rule to the policy

Go to the "Policy" tab, select the desired policy. Then click the down arrow and choose "Insert Rule" from the dropdown list.



In the window that opens, specify the order in which the rules are to be applied.




Click “Save changes”


Done.


7. Go to the Firewall Groups tab to ensure that the status of the rule group is active.
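
Why the rule order chosen in step 6 matters, shown as an added example that is not part of the original article or of OpenStack's own code: a small Python model of policy evaluation. It assumes the behaviour described in the OpenStack Networking guide (rules are applied in order, the first match wins, and every policy ends with an implicit deny-all); the rule `allow_tcp_any` and the probe list are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow" or "deny"
    protocol: Optional[str]   # None matches any protocol
    port: Optional[int]       # destination port; None matches any port
    enabled: bool = True

    def matches(self, protocol: str, port: int) -> bool:
        return self.protocol in (None, protocol) and self.port in (None, port)


def evaluate(policy: list[Rule], protocol: str, port: int) -> tuple[str, str]:
    """Return (action, deciding rule) for one packet; first enabled match wins."""
    for rule in policy:  # list order = order set with "Insert Rule"
        if rule.enabled and rule.matches(protocol, port):
            return rule.action, rule.name
    # Assumption: an implicit deny-all sits at the lowest precedence.
    return "deny", "implicit-deny-all"


def audit(policy: list[Rule], probes: list[tuple[str, int]]) -> dict[str, tuple[str, str]]:
    """Evaluate a list of (protocol, port) probes against a policy."""
    return {f"{proto}/{port}": evaluate(policy, proto, port) for proto, port in probes}


# Constructed sample data. DENY_80 mirrors the rule from step 2;
# ALLOW_TCP_ANY is a hypothetical rule added for illustration.
DENY_80 = Rule("port_80_vm1", "deny", "tcp", 80)
ALLOW_TCP_ANY = Rule("allow_tcp_any", "allow", "tcp", None)
PROBES = [("tcp", 80), ("tcp", 22), ("udp", 53)]

POLICIES = {
    "deny-80 only": [DENY_80],
    "deny-80, then allow-tcp": [DENY_80, ALLOW_TCP_ANY],
    "allow-tcp, then deny-80": [ALLOW_TCP_ANY, DENY_80],  # deny is shadowed
}

if __name__ == "__main__":
    for label, policy in POLICIES.items():
        print(label, audit(policy, PROBES))
```

In this model a policy that holds only `port_80_vm1` also drops SSH, because no rule allows it, and a broad allow rule placed above the deny rule leaves port 80 open.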


