Fw Builder Quick Overview


  • 7/29/2019 Fw Builder Quick Overview


    This short guide provides the basic information new users need to save time when first learning to use the Firewall Builder application. The complete Firewall Builder Users Guide can be found here.

    Key Concepts

    Objects. Firewall Builder is based on the concept of objects. Users create objects like IP networks and IP addresses to represent items that will be used in firewall rules.

    Libraries. Objects are stored in libraries. By default Firewall Builder comes with two object libraries. The library called User is used to store objects that the user creates. The read-only library called Standard contains hundreds of predefined objects like common TCP and UDP services.

    Compile. After you create a Policy with firewall rules in Firewall Builder you need to compile the Policy. Compiling converts your rules from the Firewall Builder syntax to the command syntax used by the target firewall platform. Any time you change the rules of a firewall you need to recompile the ruleset.

    GUI Layout

    The Firewall Builder application is comprised of three primary panels shown in the screenshot below.

    Object Panel. Objects in the active Library are displayed in an object tree in the Object Panel. Empty folders are defined for all possible object types that a user can create in the User library.

    Rules Panel. When a Policy object is opened for editing it is displayed in the Rules Panel. Clicking on the '+' button at the top of the panel creates a new rule.

    Editor Panel. Double-clicking on objects opens them for editing in the Editor Panel. Changes to object attribute fields take effect immediately.

    Panels open dynamically based on what activity the user is performing. For example, double-clicking an object to edit it will open the Editor Panel if it is not already open.

    Creating a New Firewall

    To create a new firewall object, click on the Create New Firewall shortcut in the center of the screen.


    This will launch a wizard that walks you through configuring the firewall.

    Platform. Choose the type of firewall you are creating. For example, if you want to create a firewall on a Linux webserver, select "iptables" as the firewall software.

    Templates. Firewall Builder comes with predefined templates for common firewall deployments. To use these templates select the "Use preconfigured firewall templates" option.

    Interface names. When you create a new firewall make sure the interface names are exactly the same as the interface names on the device. If these don't match, Firewall Builder won't be able to install the rules on the device. For example, if you are creating an iptables firewall on Linux the interface names should be eth0, eth1, etc.

    Hint: You can also create a new firewall by clicking on the New Object icon at the top of the Object Panel and selecting New Firewall.
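
A pre-install check for the interface-name requirement above, as an added example (not part of the original guide or of Firewall Builder): it reports which names entered in the firewall object have no exactly matching interface on a Linux device. Reading /sys/class/net and the function name `missing_interfaces` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Firewall Builder code.
# Assumption: on Linux, /sys/class/net holds one entry per network interface.

# missing_interfaces NET_DIR NAME...
# Prints every NAME that has no exactly matching entry in NET_DIR, one per line.
# Returns 0 when all names are present, 1 when at least one is missing.
missing_interfaces() {
    net_dir=$1
    shift
    rc=0
    for name in "$@"; do
        found=0
        for entry in "$net_dir"/*; do
            # Compare names as strings so the match is exact and
            # case-sensitive: "Eth0" or "eth" does not satisfy "eth0".
            if [ -e "$entry" ] && [ "${entry##*/}" = "$name" ]; then
                found=1
                break
            fi
        done
        if [ "$found" -eq 0 ]; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return "$rc"
}

# Usage on the target device, with the names taken from the firewall object:
#   missing_interfaces /sys/class/net eth0 eth1 || echo "fix interface names before installing"
```
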

    Configuring Rules

    Before you can use an object in a firewall rule it must first exist in an object Library. Commonly used objects, like the HTTP service, are predefined in the Standard object library. Users create objects, like internal IP networks, that match their specific network environments in the User object library.

    The diagram below shows the location of buttons for many common actions.

    Create New Objects. Create new objects by clicking on the New Object button or by browsing in the object tree to the type of object you want to create, then right click and select the New ... entry that matches the desired object type.

    Edit Objects. Edit objects by double-clicking to open them in the Editor Panel. Changes to object attributes, like name, take effect immediately.

    Create New Rules. Double-clicking a firewall's Policy object will open it in the Rules Panel. Click on the green '+' button at the top left of the Rules Panel to add a new rule to the Policy.

    Drag-and-Drop Objects. When a new rule is created the default values make the rule an explicit deny all. To update the rule to match your desired values drag objects from the object tree on the left to the rule field you want to change. For example, dragging-and-dropping a network object in the Source field will change the source from "Any" to use that network object.

    Switch Libraries. Firewall Builder comes with many commonly used objects predefined in the Standard Library. The User Library contains the user created objects. To switch libraries click on the drop down list at the top of the Object Panel. Objects in both the Standard & User Libraries can be dragged directly to a firewall rule.

    Compiling and Installing Rules

    After you have created a firewall object and updated the rules in its Policy object, the next step is to compile and install these rules on your firewall device.

    Compile. Compiling converts the rules from Firewall Builder's syntax to the command syntax used by the firewall device type and saves the output in a file. For example, compiling the rules for a firewall with the type set to iptables will generate a file that includes the rules in iptables format. After the firewall rules are compiled you can view the resulting command file generated by Firewall Builder:

    Install. Installing the firewall rules involves transmitting the file with the rules to the target device and then running that file to install the rules. The secure protocols SSH and SCP are used for this, so you will need to provide valid user credentials with the appropriate permissions on the target device.

    Deployment is done in 2 steps:
