
Rule Set

Security rules enforce least privileged access to applications and apply deep packet inspection and decryption services to secure applications and services deployed in a Cloud account. Rules are added as Policy Rulesets and are associated with Valtix Gateways as follows:

  1. Policy rulesets are cloud account agnostic, enabling multi-cloud security rule management to maintain a consistent security posture across clouds
  2. A Valtix Gateway can only be associated with a single policy ruleset
  3. A ruleset can be associated with multiple Valtix Gateways
  4. Individual Rules within a policy ruleset use the inventory data from a specific cloud account to apply cloud and regional specific rules to a Valtix Cloud Gateway.

    • A dynamic address object with Tags used in a rule resolves to a set of IP addresses on Valtix Gateway 1 in Cloud 1/Region 1 and a different set of IP addresses on Valtix Gateway 2 in Cloud 2/Region 2.
  5. Policy rulesets can be created from the Rules page or the Gateway creation wizard. It's recommended to create a Ruleset first and use this ruleset during the Gateway deployment. Creating a ruleset provides the option to assign a descriptive name and description.

Ruleset

Policy Management

Policies are made in Valtix Controller and pushed to Valtix Gateways once they are saved. To view whether the new policies are in effect, users can navigate to:

| Page | Description |
|---|---|
| Gateway Page | Navigate to Manage -> Gateways -> Gateways and view the Policy Rule Status column |
| Rule Sets Page | Navigate to Manage -> Security Policies -> Rule Sets and view the Policy Rule Status column |
| Rules Page | Navigate to Manage -> Security Policies -> Rule Sets and select a ruleset. This shows all the policies for the ruleset. At the top of the screen, Gateways Updated shows the number of Gateways that are updated. Hovering over the info icon displays the individual gateway status. |

Policy Rule Gateway Status

  • Updated - Policies have been pushed to the Gateways and are in effect
  • Updating - The Gateway is still processing new policies. New policies have not taken effect yet.

Policy Rule Set Gateway Change

A Policy Rule Set assigned to a Gateway can be changed dynamically to a different Policy Rule Set. If there is a requirement to swap in a different Policy Rule Set to an active Gateway, this operation can be initiated in a non-impactful way. The assignment of the new Policy Rule Set operates similarly to a Gateway update/upgrade process. New Gateway instances are instantiated with the new Policy Rule Set. New traffic sessions are redirected to the new Gateway instances once they are active and healthy. Old traffic sessions are flushed from the old Gateway instances. The old Gateway instances are deleted. The operation completes in a matter of minutes. This change is initiated as part of the Gateway configuration settings (Manage -> Gateways -> Gateways). The change can be initiated using the Valtix Portal or the Valtix Terraform Provider.

Rule Set Group

A Rule Set Group is a collection of Rule Sets. Users can combine multiple Rule Sets into a Rule Set Group and associate the Rule Set Group with Valtix Gateways. A Rule Set Group allows organizations to separate policies in an organized fashion and merge them together to consolidate protection in a single gateway.

Notes

  • A Rule Set Group can only consist of Rule Sets
  • Ensure all Rule Sets associated with a Rule Set Group do not have overlapping Rules
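
One way to check the second note before attaching a group to a Gateway, as an added example that is not Valtix code or the Valtix rule schema. The `Rule` fields and the definition of overlap (compatible protocol, intersecting port ranges, intersecting source and destination CIDRs) are assumptions, since the page defines neither, and the sample group is constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations

@dataclass(frozen=True)
class Rule:                 # hypothetical rule model, not the Valtix schema
    name: str
    src: str                # source CIDR
    dst: str                # destination CIDR
    proto: str              # "tcp", "udp" or "any"
    ports: tuple            # inclusive (low, high) destination port range

def rules_overlap(a, b):
    """True when some packet could match both rules (assumed definition)."""
    if "any" not in (a.proto, b.proto) and a.proto != b.proto:
        return False
    if a.ports[0] > b.ports[1] or b.ports[0] > a.ports[1]:
        return False
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst)))

def group_overlaps(group):
    """Return (ruleset, rule, ruleset, rule) tuples for every overlap between
    rules in different rule sets of one group, in rule set name order."""
    found = []
    for (rs_a, rules_a), (rs_b, rules_b) in combinations(sorted(group.items()), 2):
        for a in rules_a:
            for b in rules_b:
                if rules_overlap(a, b):
                    found.append((rs_a, a.name, rs_b, b.name))
    return found

# Constructed sample group: three rule sets merged onto one gateway.
SAMPLE_GROUP = {
    "web-ingress": [Rule("allow-https", "0.0.0.0/0", "10.0.1.0/24", "tcp", (443, 443))],
    "admin": [Rule("allow-ssh", "192.168.10.0/24", "10.0.1.0/24", "tcp", (22, 22)),
              Rule("allow-mgmt", "192.168.10.0/24", "10.0.0.0/16", "tcp", (400, 500))],
    "dns": [Rule("allow-dns", "10.0.0.0/16", "10.0.2.53/32", "udp", (53, 53))],
}

if __name__ == "__main__":
    for hit in group_overlaps(SAMPLE_GROUP):
        print("overlap: %s/%s <-> %s/%s" % hit)
```

In the sample, the broad `allow-mgmt` port range in one rule set covers port 443 of `allow-https` in another, which is the kind of cross-rule-set collision the note asks you to remove before grouping.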

Create Policy Rule Set

To create a Policy Ruleset:

  1. Navigate to Manage -> Security Policies -> Rules
  2. Click Create
  3. Add a name and description for the policy ruleset
  4. Click Save

Once the policy rulesets are created, proceed to add individual Rules.

Create Policy Rule Set Group

To create a Policy Rule Set Group:

  1. Navigate to Manage -> Security Policies -> Rules
  2. Click Create
  3. Add a name and description for the policy rule set group
  4. Select Type as Group
  5. Add Rule Sets in the Rule Set List section