Managing FaaS
- 29 Apr 2024
- 2 Minutes to read
- Contributors
Managing FaaS
- Updated on 29 Apr 2024
- 2 Minutes to read
- Contributors
Article Summary
Share feedback
Thanks for sharing your feedback!
Understanding FaaS
Firewall as a Service (FWaaS) provides an application-centric approach, ensuring swift and secure application delivery.
Effective for scaling security in a digital-first environment and delivering a consistent set of protections everywhere.
Rules listed at the top of the Firewall rules override those listed below.
To illustrate this, consider the following example: 
When user traffic tries to go out through the Harmony SASE network, the system will first check if they match rule #1.
- If they do, this traffic will be allowed. If not- #2 is checked.
- If the traffic matches rule #2, it will be allowed. If not - #3 is checked.
- If the traffic matches rule #3, they will be blocked.
- If none of the rules match, the traffic will either be Denied or Allowed according to the default policy on the Network:
How to Create a Rule
The Firewall policy for a network is a list of Rules that defines the access and traffic routing policies. You can create multiple rules that will apply specific policies for specific User Groups, Resources, and Protocols, as well as comprehensive policies that will be used for the entire Network traffic (i.e., block all traffic on a specific port).
To create a new Rule:
- Navigate to Networks -> Firewall
- Click on (+) Add New Rule
- Select the Network where the Rule should be added
- Provide an indicative Name
- Select the Action type
- Add Source and DestinationObjects the Rule will apply to
- Add Services the Rule will apply to
The Source and Destination define the conditions for the Action to be applied to the traffic.
Three types of Objects can be used in the Source and Destination conditions:
Any - All traffic (any address or user).
Groups or Members - All traffic routed from/to a specific Member or Users Group
Addresses - Traffic routed from/to an FQDN, IP Address, Subnet, or List of IPs.
For services, there are two types:
Any - All traffic on all protocols and ports
Services -Traffic routed on a specific Protocol or Ports.
Three types of Objects can be used in the Source and Destination conditions:
Any - All traffic (any address or user).
Groups or Members - All traffic routed from/to a specific Member or Users Group
Addresses - Traffic routed from/to an FQDN, IP Address, Subnet, or List of IPs.
For services, there are two types:
Any - All traffic on all protocols and ports
Services -Traffic routed on a specific Protocol or Ports.
7. Drag the new Rule to the proper Priority (#).
8. Click on Apply Changes.
Recommendations
- Always keep track of the rules you add to FWaaS to ensure network security.
- Regularly review your FWaaS settings for the best application delivery and security consistency.
- Review Addresses & Services.
Troubleshooting
If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.
Support Contacts
If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.
Was this article helpful?