FWCloud-UI is the user interface that allows us to manage all our firewall clouds. It is a web interface accessible through browsers such as Chrome or Firefox, developed with the Angular framework, which gives it the behaviour of a desktop application even though it runs within our web browser.
It is a fairly simple and intuitive application to manage for users accustomed to working with firewalls based on IPTables.
This document is the user's manual for FWCloud-UI. In it we give a detailed description of how to use the FWCloud User Interface and all the features of this great web application.
Video - Tutorials
In this section we will be showing several tutorial videos that will help us understand how to use FWCloud and the most advisable use practices. These videos are part of our YouTube channel, which we will update as we add new features to FWCloud-UI.
As we explained in the installation section, we have to open the access URL to FWCloud-UI to download the user interface and execute it in our browser. Once the download is complete, the login window is presented. In a new installation, the default access data will be:
Customer code: 1
User name: fwcadmin
Since the default password for a new installation is very insecure, it is advisable to change it as soon as possible.
Your first FWCloud
The first thing we have to do to get started is to create our first FWCloud.
An FWCloud is a logical grouping of firewalls, firewall clusters, IP objects, VPN connections, etc.
We can have an FWCloud for each of our clients or, for example, one for each country for a multinational company.
Your first firewall
We are going to create our first firewall within the FWCloud that we created in the previous step. We will use this firewall for the machine on which we are running FWCloud, which, in the case of this tutorial, is a virtual machine created from FWCloud-VM.
In this video, we create the network interfaces that the firewall will have. We also define the interface and IP address that we will use for the installation of the security policy.
The security policy is loaded using a shell script that is uploaded to the firewall using SSH. Therefore, we need SSH access from our FWCloud server to the indicated IP address.
In this case, as we are creating the firewall for our own FWCloud server, the IP address will be localhost.
PKI for VPNs creation
In order to create VPN connections we need a PKI (Public Key Infrastructure) with which to generate the certificates linked to each VPN connection, so that each VPN is uniquely identified.
As you’ll see, it’s very easy to create a PKI and server / client certificates through FWCloud-UI.
Since all the firewalls connected to our FWCloud server will be managed using SSH connections, it is highly advisable that they connect to our server using a VPN connection.
This is what we call administration VPNs, that is, VPN connections through which we manage our cloud of firewalls safely.
To do this we are going to create an OpenVPN server in our FWCloud, in a very simple way through the FWCloud-UI user interface. We will also create a client VPN configuration for a firewall that we are going to use in this tutorial.
Policy to allow administration VPNs access
We are going to modify the policy of our firewall to enable access to the OpenVPN server that we have just created.
In this way we will allow the firewalls belonging to our FWCloud platform to be connected to it through the administration VPNs, with which we can manage them in a secure way.
Firewall / Cluster
To better understand how we will manage our firewalls and firewall clusters from a FWCloud platform, in the following video tutorial we will set up a new firewall and a new cluster of firewalls that we will connect to our FWCloud server through management VPNs.
We will also see how to create a folder within the firewall tree to better understand how to organize our firewalls / clusters.
In this video, we set up the management VPNs for the firewall and cluster of firewalls that we have just created.
We install the respective VPNs that we have just generated, both in the VPN server (CCD files) and in the firewall and each of the nodes in the firewall cluster.
We generate the necessary security policy in the firewall and in the cluster to allow the management of the security policy from our FWCloud platform.
Compiling / installing the security policy
We modify the configuration of the firewall and cluster to be able to load the policy through the administration VPNs that we created in the previous section.
We compile the security policy and install it using the administration VPNs that we configured in the previous section.
This is very useful, given that the firewall / cluster that we want to manage can be anywhere in the world; all it needs is Internet access to be able to establish the administration VPN. In addition, it is very safe, since each VPN is unique and assigned a specific IP.
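The following check is an added example, not part of FWCloud or of this manual: it audits a directory of CCD files on the VPN server to confirm that every administration VPN really has its own specific IP. It assumes the CCD files pin the address with OpenVPN's ifconfig-push directive; the function names, client names and the 10.200.0.0/24 network are constructed for illustration.

```python
import ipaddress
import tempfile
from pathlib import Path

def audit_ccd(ccd_dir, vpn_network):
    """Return (client, problem) findings for the CCD files in ccd_dir."""
    net = ipaddress.ip_network(vpn_network)
    seen = {}  # pinned address -> first client file that claimed it
    findings = []
    for path in sorted(p for p in Path(ccd_dir).iterdir() if p.is_file()):
        pushed = None
        for line in path.read_text().splitlines():
            fields = line.split("#", 1)[0].split()  # drop trailing comments
            if len(fields) >= 2 and fields[0] == "ifconfig-push":
                pushed = fields[1]
        if pushed is None:
            findings.append((path.name, "no ifconfig-push, address not pinned"))
            continue
        try:
            addr = ipaddress.ip_address(pushed)
        except ValueError:
            findings.append((path.name, f"invalid address {pushed}"))
            continue
        if addr not in net:
            findings.append((path.name, f"{addr} is outside {net}"))
        elif addr in seen:
            findings.append((path.name, f"{addr} already pinned to {seen[addr]}"))
        else:
            seen[addr] = path.name
    return findings

# Constructed sample CCD files (client names and addresses are invented).
SAMPLE_CCD = {
    "cluster-node1": "ifconfig-push 10.200.0.11 255.255.255.0\n",
    "cluster-node2": "ifconfig-push 10.200.0.11 255.255.255.0\n",
    "fw-branch": "ifconfig-push 10.200.0.10 255.255.255.0  # branch firewall\n",
    "fw-lab": "ifconfig-push 192.168.1.5 255.255.255.0\n",
    "fw-new": "push \"route 10.50.0.0 255.255.255.0\"\n",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_CCD.items():
            Path(tmp, name).write_text(body)
        return audit_ccd(tmp, "10.200.0.0/24")

if __name__ == "__main__":
    for client, problem in demo():
        print(f"{client}: {problem}")
```

Any finding means a firewall rule written for one VPN's address could match a different client, or none at all, so the list should be empty before the policy is relied on.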
VPN connection status
You can visualize the real-time status of the VPN connections established on our FWCloud server.
These VPNs correspond to the administration VPNs, but we could visualize the status of any other OpenVPN tunnel terminator through this menu option.