Managing Firewall Rule Sets

This guide walks you through creating firewall rule sets, adding rules, associating them with virtual machines, and managing your firewall configuration from the portal.

Note: If you navigate to Networking > Firewall and do not see the firewall interface, this feature may not be enabled on your account. Contact your NetActuate account manager to have it activated.

Prerequisites

A NetActuate account with firewall functionality enabled
At least one deployed virtual machine

Create a Firewall Set

A firewall set is a named collection of rules that can be applied to one or more virtual machines.

Navigate to Networking > Firewall.
If this is your first firewall set, you will be prompted to add one. Otherwise, click + Add.
Enter a Name and optional Description for the rule set.
The Enabled toggle is on by default. Leave it enabled to activate the set when applied to VMs, or disable it to configure rules before activating.
Click Add to create the set.

After creation, you are returned to the firewall list view showing all your firewall sets. You can create multiple sets for different purposes, for example a default set for all VMs and specialized sets for web servers, database servers, or other service types.

Add Firewall Rules

Click into a firewall set to open its management page. Click Edit Rules to open the rule editor.

Click Add to create a new rule.
Configure the rule:
- Rule Order sets the evaluation priority. Rules are processed in order, and you can also drag rules up and down in the editor to reorder them after creation.
- IP Version selects IPv4 or IPv6.
- Action selects Accept or Drop.
- Protocol selects TCP, UDP, or ICMP.
  - For TCP or UDP: specify Source Port Range and Destination Port Range.
  - For ICMP: select an ICMP Type (Echo Reply/Pong or Echo Request/Ping).
- Source Networks accepts one or more CIDR-formatted addresses (e.g., 192.168.0.0/24). You can add multiple entries.
- Destination Networks accepts one or more CIDR-formatted addresses.
- Comment is an optional note describing the rule's purpose.
- Enabled toggle lets you create rules in a disabled state for later activation.
Click Submit to add the rule.

Repeat to add additional rules. When finished, click Save and Apply to commit the rule set.

Rule List View

The firewall set management page shows a table of all rules with these columns:

Status (enabled/disabled)
Priority (evaluation order)
IP Version (IPv4/IPv6)
Protocol (TCP/UDP/ICMP)
Direction
Action (Accept/Drop)
Source Networks
Destination Networks
Source Ports (TCP/UDP only)
Destination Ports (TCP/UDP only)
Special Options
Comment (hover to view full text)

Each rule has Edit and Delete icons. Deleting a rule prompts for confirmation. You can also use the search bar to filter rules in large rule sets.

Reorder Rules

Rule order determines evaluation priority. In the rule editor, drag rules up or down to change their position. The priority number updates automatically when you rearrange rules. Click Save and Apply after reordering.

Sync Rules

After editing rules, you must sync them to push changes to all associated virtual machines. Click Sync Rules at the top of the firewall set management page. This applies the current rule set to every VM associated with the set.

Note: Sync Rules must be run any time you add, edit, delete, or reorder rules. Changes are not applied to VMs until you sync.

Associate VMs with a Firewall Set

Firewall sets can be applied to virtual machines in four ways:

1. From the Firewall Set (Associated VMs tab)

Open a firewall set and click the Associated Virtual Machines tab. Click Add, search for VMs by name or IP, and select the VMs to associate. Click Sync Rules to apply the rule set.

2. During VM Deployment

When deploying a new VM through the build wizard, you can select a firewall set to associate with the VM at deployment time. The set is applied automatically once the VM is built.

3. Account-Wide Default (Global Setting)

Navigate to Account > Settings and look for the Force firewall set option under the Security section. When a default firewall set is configured here, it is automatically applied to all newly created virtual machines across your account.

4. Via the API

Use the firewall API to create associations programmatically. See the Firewall API Reference for endpoint details.

Edit or Delete a Firewall Set

From the firewall list view, click into any set to manage it. You can edit the set name, description, and enabled state. To delete individual rules, use the delete icon in the rules table. To remove VM associations, go to the Associated Virtual Machines tab.

Need Help?

Contact support@netactuate.com or open a support ticket from the portal.

Prerequisites​

Create a Firewall Set​

Add Firewall Rules​

Rule List View​

Reorder Rules​

Sync Rules​

Associate VMs with a Firewall Set​

1. From the Firewall Set (Associated VMs tab)​

2. During VM Deployment​

3. Account-Wide Default (Global Setting)​

4. Via the API​

Edit or Delete a Firewall Set​

Need Help?​