Configuring Firewall Rules to Manage Traffic to and from a Private Space
By default, all traffic to your private space is blocked unless it is explicitly allowed in a firewall rule.
Creating a private space automatically creates these firewall rules:
-
Two rules to allow inbound connections from any host:
-
HTTPS: port 443
-
HTTP: port 80
-
-
Two rules to allow outbound connections from within your private space to any host:
-
TCP: All ports
-
HTTPS: 443
-
You can also configure inbound firewall rules that use TCP as the protocol.
To support Anypoint MQ, API Manager, and ObjectStore v2, you must allow outbound traffic on port 443 (HTTPS).
Configure Firewall Rules
-
From Anypoint Platform, select Runtime Manager > Private Spaces.
-
Click the name of the private space to manage.
-
Click the Firewall rules tab.
-
Configure default rules for inbound traffic by selecting the Protocol and Source from the drop-down lists:
- Protocol
-
Protocol type:
-
HTTP
-
HTTPS
-
- Source
-
Source IP address:
-
Anywhere (0.0.0.0/0)
-
Local private network
This option is available only if a private network exists in the private space.
-
- Ports
-
Ports for inbound traffic are not configurable:
-
Port 80 is reserved HTTP.
-
Port 443 is reserved for HTTPS.
-
Other ports below 1024 are not allowed. Ports 1024 and above are allowed for plain TCP connections, but not for additional HTTP/HTTPS ingress endpoints.
-
-
Configure default rules for outbound traffic by selecting the Protocol and Destination from the drop-down lists:
- Protocol
-
Protocol type:
-
All
-
TCP
-
UTP
-
HTTP
-
HTTPS
-
- Destination
-
Destination IP address:
-
Anywhere (0.0.0.0/0)
-
Local private network
This option is available only if a private network exists in the private space.
-
- Ports
-
Port ranges for outbound traffic are configurable.
-
Click Add rule to add more rules.
-
To remove a firewall rule, click the trash can icon (Delete) for the entry.
-
Click Save Changes or Discard changes.