Managing Protection Rules in Batches
You can add and export protection rules in batches.
Constraints
Only the professional edition supports the import and export of VPC border protection policies.
Importing Protection Rules in Batches
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click and choose . The Dashboard page will be displayed.
- (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column to go to the details page.
- In the navigation pane, choose .
- Click Download Center on the upper right of the list.
- Click Download Template to download the rule import template to the local host.
- Fill in the template. For details, see Parameters of Rule Import Template - Protection Rule Table (Internet Border Protection Rule) and Parameters of Rule Import Template - VPC Protection Rule Table (VPC Border Protection Rule).
  - A maximum of 640 rules and members can be imported at a time on each tab page.
  - Do not change the template file format, or it may fail to be imported.
- After filling in the template, click Import Rule to import the template.
  - Rule import takes several minutes.
  - During rule import, you cannot add, edit, or delete access policies, IP address groups, and service groups.
  - The priority of the imported policies is lower than that of the created policies.
- Click Download Center to view the status of the rule import task. If the Status is Imported, the import succeeded.
- Return to the protection rule list to view the imported protection rule.
Exporting Protection Rules in Batches
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click and choose . The Dashboard page will be displayed.
- (Optional) If the current account has only one firewall instance, the firewall details page is displayed. If there are multiple firewall instances, click View in the Operation column to go to the details page.
- In the navigation pane, choose .
- Click Download Center on the upper right of the list.
- Click Export Rule to export rules to a local PC.
Parameters of Rule Import Template - Protection Rule Table (Internet Border Protection Rule)
| Parameter | Description | Example Value |
|---|---|---|
| Order | Order number of a rule. | 1 |
| Acl Name | Name of the rule. The name can contain up to 255 characters, including letters, numbers, underscores (_), hyphens (-), and spaces. | test |
| Protection Rule | Protection type of a security policy. | EIP protection |
| Direction | Direction of protected traffic. | Outbound |
| Action Type | Allow or Block. It specifies the action taken by the firewall to process traffic. | Allow |
| ACL Address Type | Select IPv4. It is the type of IP addresses to be protected. | IPv4 |
| Status | Whether a policy is enabled. | Enabled |
| Description | Rule description | test |
| Source Address Type | Source address type of data packets in the access traffic. | IP Address |
| Source Address | If Source Address Type is set to IP Address, you need to configure this parameter. The following input formats are supported: | 192.168.10.5 |
| Source Address Group Name | If Source Address Type is set to IP Address Group, you must configure this parameter. The following input formats are supported: | s_test |
| Source Continent Region | If Source Address Type is set to Region, you need to configure Source Continent Region. Enter the continent information according to the continent-region-info sheet of the template table. | AS: Asia |
| Source Country Region | If Source Address Type is set to Region, you need to configure Source Country Region. Enter the country information according to the country-region-info sheet of the template table. | CN: Chinese mainland |
| Destination Address Type | Destination address type of data packets in the access traffic. | IP Address Group |
| Destination Address | If Destination Address Type is set to IP Address, you must configure this parameter. It can be: | 192.168.10.6 |
| Destination Address Group Name | If Destination Address Type is set to IP Address Group, you must configure this parameter. The following input formats are supported: | d_test |
| Destination Continent Region | If Destination Address Type is set to Region, you need to set Destination Continent Region. Enter the continent information according to the continent-region-info sheet of the template table. | AS: Asia |
| Destination Country Region | If Destination Address Type is set to Region, you need to set Destination Country Region. Enter the country information according to the country-region-info sheet of the template table. | CN: Chinese mainland |
| Domain Name | If Destination Address Type is set to Domain Name, you must configure this parameter. The domain name is used by visitors to access your website. A domain name consists of letters separated by dots (.). It is a human readable address that maps to the machine readable IP address of your server. | www.example.com |
| Destination Domain Group Name | If Destination Address Type is set to Domain Group Name, you need to configure Destination Domain Group Name. Enter a domain group name. | Domain group 1 |
| Service Type | Service type. It can be: | Service |
| Protocol/Source Port/Destination Port | Type to be put under access control. | TCP/443/443 |
| Service Group Name | Service group name. The name can contain up to 255 characters, including letters, numbers, underscores (_), hyphens (-), and spaces. | service_test |
| Group Tag | Tags are used to identify rules. You can use tags to classify and search for security policies. | k=a |
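
A pre-import check for rows of the Internet border template, as an added example that is not part of the original documentation. It applies the constraints from the table above: the Acl Name rule, Allow or Block, the columns each address type requires, and the 640-row limit per tab. Rows are modelled as dicts keyed by the template's column names; the sample rows are constructed, and restricting names to ASCII letters is an assumption.

```python
import re

MAX_ROWS_PER_TAB = 640  # per-import limit stated in the import procedure
# Acl Name rule from the table; ASCII-only letters is an assumption of this example.
NAME_RE = re.compile(r"[A-Za-z0-9_\- ]{1,255}")

# Columns that must be filled for each address type, as worded in the table.
SOURCE_REQUIRES = {
    "IP Address": ["Source Address"],
    "IP Address Group": ["Source Address Group Name"],
    "Region": ["Source Continent Region", "Source Country Region"],
}
DEST_REQUIRES = {
    "IP Address": ["Destination Address"],
    "IP Address Group": ["Destination Address Group Name"],
    "Region": ["Destination Continent Region", "Destination Country Region"],
    "Domain Name": ["Domain Name"],
    "Domain Group Name": ["Destination Domain Group Name"],
}

def validate_rows(rows):
    """Return (row_number, message) findings; row 0 means the whole tab."""
    problems = []
    if len(rows) > MAX_ROWS_PER_TAB:
        problems.append((0, f"{len(rows)} rows exceed the limit of {MAX_ROWS_PER_TAB}"))
    for n, row in enumerate(rows, start=1):
        if not NAME_RE.fullmatch(row.get("Acl Name", "")):
            problems.append((n, "Acl Name: disallowed characters or length"))
        if row.get("Action Type") not in ("Allow", "Block"):
            problems.append((n, "Action Type must be Allow or Block"))
        for type_col, table in (("Source Address Type", SOURCE_REQUIRES),
                                ("Destination Address Type", DEST_REQUIRES)):
            kind = row.get(type_col)
            if kind not in table:
                problems.append((n, f"{type_col}: unknown value {kind!r}"))
                continue
            for col in table[kind]:
                if not str(row.get(col, "")).strip():
                    problems.append((n, f"{col} is required when {type_col} is {kind}"))
    return problems

# Constructed sample rows: the first is valid, the second has three defects.
SAMPLE_ROWS = [
    {"Acl Name": "test", "Action Type": "Allow", "Source Address Type": "IP Address",
     "Source Address": "192.168.10.5", "Destination Address Type": "IP Address Group",
     "Destination Address Group Name": "d_test"},
    {"Acl Name": "web$egress", "Action Type": "Permit", "Source Address Type": "IP Address Group",
     "Source Address Group Name": "s_test", "Destination Address Type": "Domain Name",
     "Domain Name": ""},
]
```
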
Parameters of Rule Import Template - VPC Protection Rule Table (VPC Border Protection Rule)
| Parameter | Description | Example Value |
|---|---|---|
| Order | Order number of a rule. | 1 |
| Acl Name | Name of the rule. The name can contain up to 255 characters, including letters, numbers, underscores (_), hyphens (-), and spaces. | test |
| Action Type | Allow or Block. It specifies the action taken by the firewall to process traffic. | Allow |
| Status | Whether a policy is enabled. | Enabled |
| Description | Rule description | test |
| Source Address Type | Source address type of data packets in the access traffic. | IP Address |
| Source Address | If Source Address Type is set to IP Address, you need to configure this parameter. The following input formats are supported: | 192.168.10.5 |
| Source Address Group Name | If Source Address Type is set to IP Address Group, you must configure this parameter. The following input formats are supported: | s_test |
| Destination Address Type | Destination address type of data packets in the access traffic. | IP Address Group |
| Destination Address | If Destination Address Type is set to IP Address, you must configure this parameter. It can be: | 192.168.10.6 |
| Destination Address Group Name | If Destination Address Type is set to IP Address Group, you must configure this parameter. The following input formats are supported: | d_test |
| Service Type | Service type. It can be: | Service |
| Protocol/Source Port/Destination Port | Type to be put under access control. | TCP/443/443 |
| Service Group Name | Service group name. The name can contain up to 255 characters, including letters, numbers, underscores (_), hyphens (-), and spaces. | service_test |
| Group Tag | Tags are used to identify rules. You can use tags to classify and search for security policies. | k=a |