This guide provides step-by-step instructions for identifying the Firewalls in use on an account and their associated VLANs. It can also be used to identify unprotected VLANs and to plan the deployment of a Firewall solution.
Firewall Overview by VLAN
Log in to Control
Navigate to Network -> IP Management -> VLANs
Filter By "Primary Router: fcr" to view only your Public VLANs (optional)
Each row represents a VLAN in your infrastructure. SoftLayer populates the "VLAN Number" and "Primary Router" information automatically, indicating the true VLAN number and the router that it is configured on. The "Name" field is left for customers to define a recognizable name (such as DMZ, Intranet, Public, or Database).
The far right column (Gateway / Firewall) contains details about what hardware firewall protection is in place. It will include one of the following:
Add Firewall: This indicates that there are no firewalls in place for servers on this VLAN.
Individually Protected Servers: This indicates that one or more servers are utilizing a Hardware Firewall (Shared) and that there is not a Hardware Firewall (Dedicated), Fortigate Security Appliance, or Network Gateway in place. (note: VLAN firewalls and network gateways are not able to be placed on a VLAN that has individually protected servers)
Firewall-vlanXXXX.networklayer.com: This indicates that there is a Hardware Firewall (Dedicated) or Fortigate Security Appliance in place. (note: only 1 VLAN firewall or Network Gateway can be associated with a VLAN, but a server can be protected on the public VLAN by a VLAN firewall and associated on the private network with a Network Gateway).
GatewayName: If a name is in this field, it is associated with a Network Gateway for which customers establish naming conventions.
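The four column values above can be turned into a quick audit of which VLANs lack a firewall. This is an added example, not SoftLayer code: it assumes the VLANs table has been copied by hand into CSV using the column names from this page, the router and gateway names in the sample are constructed, and the XXXX in the firewall hostname is assumed to be digits.

```python
import csv
import io
import re

# Constructed sample: rows typed in from the VLANs screen, using the column
# names this page mentions. Router and gateway names are made up.
SAMPLE = """VLAN Number,Name,Primary Router,Gateway / Firewall
1101,DMZ,fcr01.dal05,Add Firewall
1102,Public,fcr01.dal05,Individually Protected Servers
1103,Web,fcr02.dal05,Firewall-vlan1103.networklayer.com
1104,Edge,fcr02.dal05,gw-edge-01
2201,Database,bcr01.dal05,Add Firewall
"""

# Assumption: the XXXX in Firewall-vlanXXXX.networklayer.com is numeric.
VLAN_FIREWALL = re.compile(r"^Firewall-vlan\d+\.networklayer\.com$", re.IGNORECASE)


def classify(cell):
    """Map a Gateway / Firewall cell to the protection state the page describes."""
    value = cell.strip()
    if not value:
        return "unknown"          # not a state the page defines; review by hand
    if value.lower() == "add firewall":
        return "unprotected"      # no firewall for servers on this VLAN
    if value.lower() == "individually protected servers":
        # Shared firewalls on some servers; others may have none, and a VLAN
        # firewall or gateway cannot be placed on this VLAN as it stands.
        return "per-server"
    if VLAN_FIREWALL.match(value):
        return "vlan-firewall"    # Hardware Firewall (Dedicated) or Fortigate
    return "network-gateway"      # any other name is a customer-named gateway


def audit(table_text, public_only=True):
    """Return {state: [VLAN numbers]}; by default only fcr (public) VLANs."""
    report = {}
    for row in csv.DictReader(io.StringIO(table_text)):
        if public_only and not row["Primary Router"].lower().startswith("fcr"):
            continue
        state = classify(row["Gateway / Firewall"])
        report.setdefault(state, []).append(row["VLAN Number"])
    return report


if __name__ == "__main__":
    for state, vlans in audit(SAMPLE).items():
        print(f"{state}: {', '.join(vlans)}")
```

VLANs reported as "per-server" still need the device-by-device check described in the next section, since only some servers on them may have a firewall installed.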
Individually Protected Servers View
On the VLANs screen, identify a row with "Individually Protected Servers" in the Gateway/Firewall area and click on the associated VLAN Number link. This will display the details for the VLAN including the associated Devices.
From here, you can click on each device and review whether a Hardware Firewall is in place for that particular Server.
Once you have clicked on a device, scroll to the bottom of the Configuration tab. You will see "Firewall" in the addons section with a status of "Installed" or "Not Installed". "Not Installed" indicates that no hardware firewall is in place for this device. "Installed" indicates that a Hardware Firewall is in place and you will have a "Firewall" tab available on the device where you can manage the firewall configuration.
Dedicated Firewall View
On the VLANs screen, identify a row with "" in the Gateway/Firewall area and click on that firewall. From there you'll be presented with either a Hardware Firewall (Dedicated) or a Fortigate Security Appliance. The device details will include the associated Router, VLAN, and IPv4/IPv6 Subnets, the devices associated with that VLAN, and the controls for routing traffic through or around the firewall.
Hardware Firewall (Dedicated): These devices will have a control for whether traffic is routed through the firewall, rules are processed, a reporting tool, and an additional "Rules" tab for managing firewall rules.
Fortigate Security Appliance: These devices will have the management IP, username, and password. Management is completed through the management GUI or SSH-based console.
Network Gateway View
On the VLANs screen, identify a row with the Gateway/Firewall area populated by a Network Gateway device name. Clicking this device's name will take you to the interface displaying associated frontend (FCR) and backend (BCR) VLANs and Network Gateway management options.