configureOutboundFirewall command

Last Updated: Sep 10, 2020

With Release 8.1.3, you can configure the System Manager outbound firewall by using the configureOutboundFirewall command.

When you configure an outbound firewall rule, System Manager can connect only to those destination systems that are in the allowed whitelist. Therefore, when you add the very first outbound firewall rule, ensure that the whitelist contains all the destination IP addresses to which System Manager must connect.

By using the configureOutboundFirewall command, you can add, list, view status, disable, remove, and overwrite the IP addresses and FQDNs in the whitelist for establishing outbound connections from System Manager. You can also enable, disable, and view the status of logging for any connections that are dropped. This command supports IPv4 addresses, IPv6 addresses, FQDNs, and networks in Classless Inter-Domain Routing (CIDR) notation.

Note the following:

  • In the Geographic Redundancy setup, if you need to configure the outbound firewall rules, then you need to add the peer IP addresses on the primary and secondary System Manager servers.

  • You cannot use the configureOutboundFirewall command to configure the outbound firewall in the Software-only environment.

Syntax

configureOutboundFirewall [add {-s} {-f}] [list] [status] [remove {-e} {-f}] [disable] [overwrite {-s} {-f}] [enable-logging] [disable-logging] [logging-status]
-h
Displays the help for the command.
add -s
Adds destination IPv4 addresses, IPv6 addresses, FQDNs, and networks in CIDR notation to the whitelist. While processing an FQDN, System Manager resolves the FQDN to its IP address, and adds that IP address to the whitelist. You can add multiple entries as comma-separated values.
add -f
Adds destination IPv4 addresses, IPv6 addresses, FQDNs, and networks in CIDR notation to the whitelist through a file.
list
Displays the list of outbound firewall rules.
status
Displays the status of outbound firewall configuration.
remove -e
Removes the entry of the outbound firewall rules from the whitelist.
remove -f
Removes the file of the destination outbound firewall rules.
disable
Disables the outbound firewall rules.
overwrite -s
Overwrites the existing list of outbound firewall rules in the whitelist.
overwrite -f INPUT_FILE
Overwrites the existing file of outbound firewall rules.
enable-logging
Captures the logs for any dropped connections. By default, the outbound firewall rule logging is disabled. System Manager stores the logs in the /var/log/outbound_firewall.log file.
disable-logging
Disables the outbound firewall rule logging.
logging-status
Displays the outbound firewall rule logging status.
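
Because the first rule restricts System Manager to the whitelisted destinations only, the following pre-flight check validates a candidate list before it is passed to add -s. It is an added example, not part of the original documentation or of the product's tooling: it classifies each entry as one of the four supported forms, rejects malformed entries, and reports required destinations that the list would not cover. The function names, the sample addresses (documentation ranges) and the host name are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify(entry):
    """Return 'ipv4', 'ipv6', 'cidr' or 'fqdn'; raise ValueError otherwise."""
    entry = entry.strip()
    if "/" in entry:
        # strict=True rejects a network with host bits set, e.g. 10.0.0.5/24.
        ipaddress.ip_network(entry, strict=True)
        return "cidr"
    try:
        return "ipv%d" % ipaddress.ip_address(entry).version
    except ValueError:
        labels = entry.rstrip(".").split(".")
    # A numeric last label means a mistyped IPv4 address, not a host name.
    if len(labels) >= 2 and all(_LABEL.match(l) for l in labels) and not labels[-1].isdigit():
        return "fqdn"
    raise ValueError("not an IPv4/IPv6 address, CIDR network or FQDN: %r" % entry)

def _covered(dest, nets, names):
    """True if a required destination matches a whitelisted network or name."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return dest.lower().rstrip(".") in names
    return any(addr.version == n.version and addr in n for n in nets)

def preflight(entries, required):
    """Return (comma-separated valid entries, errors, uncovered required destinations)."""
    ok, errors, nets, names = [], [], [], set()
    for raw in entries:
        try:
            kind = classify(raw)
        except ValueError as exc:
            errors.append("%s: %s" % (raw, exc))
            continue
        ok.append(raw.strip())
        if kind == "fqdn":
            names.add(raw.strip().lower().rstrip("."))
        else:
            nets.append(ipaddress.ip_network(raw.strip()))
    return ",".join(ok), errors, [r for r in required if not _covered(r, nets, names)]

if __name__ == "__main__":  # constructed sample: documentation ranges, hypothetical host name
    print(preflight(["192.0.2.10", "198.51.100.0/24", "peer.example.com", "192.0.2.300"],
                    ["198.51.100.20", "peer.example.com", "203.0.113.9"]))
```

Because System Manager resolves an FQDN to an IP address when the entry is added, the name match here confirms only that the name is in the list, not which address ends up allowed.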