Description:
Lumen Cloud Platform firewall policies make it simple to connect networks within a given account or across accounts. Firewall policies are inherently one-way, but a pair of policies, one for each direction, enables bi-directional communication. This walkthrough builds upon the servers, networks and policies built in the KB article entitled "Connecting Data Center Networks Through Firewall Policies".
Steps:
1. Confirm that you have two servers in two different networks.
- In the KB article referenced above, there was a parent account and a sub-account, with a network and a server in each. The two servers operate on different networks.
2. Build a pair of policies that enable network communication in both directions.
- Check the existing firewall policies by navigating to the Firewall menu item under the Network menu. From the previous KB article walkthrough, there should be a single firewall policy that makes it possible for the server in the parent account's network to ping a server in the sub-account's network.
- This traffic is one-way only. To confirm this, attempt to ping the server in the parent account from the server in the sub-account. Notice that the request times out because network traffic is not allowed from the sub-account's network to the parent account's network.
- In order to allow servers in the sub-account's network to communicate with servers in the parent account's network, another firewall policy must be created.
- Switch the Source Account and Destination Account values at the top of the page to reflect the sub-account as the source and parent account as the destination.
- Click the add policy button and add a firewall policy that allows traffic from (restricted) IP addresses in the sub-account network to (restricted) IP addresses in the parent account network.
- Save the firewall policy.
3. Confirm that the policies are working.
- From the server in the sub-account's network, once again attempt to ping the server in the parent account's network.
- As expected, traffic can now travel in both directions between the networks. In short, bi-directional network communication requires two firewall policies, one for each direction.
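The one-way behavior described in the steps above can be checked offline against an export of the policy list. The following is an added example, not Lumen code: the Policy record layout, the account aliases and the IP addresses are assumptions constructed for illustration, not the platform's API schema.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    # Hypothetical record layout, not the platform's API schema.
    src_account: str
    dst_account: str
    sources: tuple        # CIDR strings permitted as the source
    destinations: tuple   # CIDR strings permitted as the destination

def _covers(cidrs, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def allowed(policies, src, dst):
    """src and dst are (account, ip) pairs; a policy matches only in its own direction."""
    return any(
        p.src_account == src[0] and p.dst_account == dst[0]
        and _covers(p.sources, src[1]) and _covers(p.destinations, dst[1])
        for p in policies
    )

def mirror(p):
    """The second policy of the pair: source and destination swapped."""
    return Policy(p.dst_account, p.src_account, p.destinations, p.sources)

def one_way_only(policies):
    """Policies whose exact mirror is absent, i.e. flows open in one direction only."""
    present = set(policies)
    return [p for p in policies if mirror(p) not in present]

def report(policies, a, b):
    fwd, rev = allowed(policies, a, b), allowed(policies, b, a)
    return {"a_to_b": fwd, "b_to_a": rev, "bidirectional": fwd and rev}

# Constructed sample data: account aliases and addresses are placeholders.
PARENT_SERVER = ("PARENT", "10.100.10.12")
SUB_SERVER = ("SUB", "10.100.20.12")
FIRST = Policy("PARENT", "SUB", ("10.100.10.12/32",), ("10.100.20.12/32",))

if __name__ == "__main__":
    # State after the previous KB article: one policy, parent to sub only.
    print(report([FIRST], PARENT_SERVER, SUB_SERVER))
    print(one_way_only([FIRST]))
    # State after step 2: the mirrored policy has been added.
    print(report([FIRST, mirror(FIRST)], PARENT_SERVER, SUB_SERVER))
```

Because the mirrored policy reuses the same restricted addresses, other hosts in either network remain blocked in both directions.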