Quick Start Guide
This short guide provides the basic information new users need to save time when first learning to use the Firewall Builder application. The complete Firewall Builder Users Guide can be found here.
- Objects. Firewall Builder is based on the concept of objects. Users create objects like IP networks and IP addresses to represent items that will be used in firewall rules.
- Libraries. Objects are stored in libraries. By default Firewall Builder comes with two object libraries. The library called User is used to store objects that the user creates. The read-only library called Standard contains hundreds of predefined objects like common TCP and UDP services.
- Compile. After you create a Policy with firewall rules in Firewall Builder you need to compile the Policy. Compiling converts your rules from the Firewall Builder syntax to the command syntax used by the target firewall platform. Any time you change the rules of a firewall you need to recompile the ruleset.
The Firewall Builder application is comprised of three primary panels shown in the screenshot below.
- Object Panel. Objects in the active Library are displayed in an object tree in the Object Panel. Empty folders are defined for all possible object types that a user can create in the User library.
- Rules Panel. When a Policy object is opened for editing it is displayed in the Rules Panel. Clicking on the '+' button at the top of the panel creates a new rule.
- Editor Panel. Double-clicking on objects opens them for editing in the Editor Panel. Changes to object attribute fields take effect immediately.
Panels open dynamically based on what activity the user is performing. For example, double-clicking an object to edit it will open the Editor Panel if it is not already open.
Creating a New Firewall
To create a new firewall object, click on the Create New Firewall shortcut in the center of the screen. This will launch a wizard that walks you through configuring the firewall.
- Platform. Choose the type of firewall you are creating. For example, if you want to create a firewall on a Linux webserver, select "iptables" as the firewall software.
- Templates. Firewall Builder comes with predefined templates for common firewall deployments. To use these templates select the "Use preconfigured firewall templates".
- Interface names. When you create a new firewall make sure the interface names are exactly the same name as the interface on the device. If these don't match Firewall Builder won't be able to install the rules on the device. For example, if you are creating a iptables firewall on Linux the interface names should be eth0, eth1, etc.
Hint: You can also create a new firewall by clicking on the New Object icon at the top of the Object Panel and selecting New Firewall.
Before you can use an object in a firewall rule it must first exist in an object Library. Commonly used objects, like the HTTP service, are predefined in the Standard object library. Users create objects, like internal IP networks, that match their specific network environments in the User object library.
The diagram below shows the location of buttons for many common actions.
- Create New Objects. Create new objects by clicking on the New Object button or by browsing in the object tree to the type of object you want to create, then right click and select the New ... entry that matches the desired object type.
- Edit Objects. Edit objects by double-clicking to open them in the Editor Panel. Changes to object attributes, like name, take effect immediately.
- Create New Rules. Double-clicking a firewall's Policy object will open it in the Rules Panel. Click on the green '+' button at the top left of the Rules Panel to add a new rule to the Policy.
- Drag-and-Drop Objects. When a new rule is created the default values make the rule an explicit deny all. To update the rule to match your desired values drag objects from the object tree on the left to the rule field you want to change. For example, dragging-and-dropping a network object in the Source field will change the source from "Any" to use that network object.
- Switch Libraries. Firewall Builder comes with many commonly used objects predefined in the Standard Library. The User Library contains the user created objects. To switch libraries click on the drop down list at the top of the Object Panel. Objects in both the Standard & User Libraries can be dragged directly to a firewall rule.
Compiling and Installing Rules
After you have created a firewall object and updated the rules in its Policy object, the next step is to compile and install these rules on your firewall device.
Deployment is done in 2 steps:
- Compile. Compiling the rules converts the rules from Firewall Builder's syntax to a file containing the command syntax used by the firewall device type and saves the output in a file. For example, compiling the rules for a firewall with the type set to iptables will generate a file that includes the rules in iptables format. After the firewall rules are compiled you can view the resulting command file generated by Firewall Builder:
- Install. Installing the firewall rules involves transmitting the file with the rules to the target device and then running that file to install the rules. The secure protocols SSH and SCP are used for this, so you will need to provide valid user credentials with the appropriate permissions on the target device.
Firewall Builder is a powerful application for managing many different types of firewalls, so it is impossible to cover all the configuration capabilities in a short guide. Here are some additional resources to help you get started.