Tuesday, November 30, 2010

Creating local rules for cluster members

In our last post we talked about how to use the Firewall Builder cluster feature to create a single firewall ruleset that gets installed on multiple servers. This is great if all your servers should be running exactly the same firewall rules, but what if some of the servers also need to have their own unique rules?

Firewall Builder lets you define multiple firewall policies, so a server can run a policy configured as part of the cluster and also run its own local firewall policies. What you end up with is a cascading chain of firewalls similar to the diagram below.

You can control the order in which the firewall policies are evaluated, and you can name them to match their function. You can find the complete configuration details in our latest cookbook article:

Cookbook: Creating Local Firewall Rules for a Cluster Member