How can I set up Network ACLs for my network?

  1. Log in to your account.
  2. Click:
    1. Network Settings
    2. Advance Network Settings
  3. In the Network Access menu, you can add/modify/remove ACLs with the following information:
    • Order: Order in which the rules are applied; a lower value means a higher priority
    • Direction: Whether the rule applies to traffic from the devices or to the devices
    • Type: Select from a list of predefined options. These include predefined services (e.g. HTTP), each a combination of a specific protocol and port, and generic options that let you customize the protocol and the port or range of ports. If your service is not on the list, you can choose Custom protocol.
    • Protocol: IP protocol to be applied. It includes TCP, UDP, and other IP networking protocols
    • Source: Depending on the Direction selected previously, the Source can be the SIMs (if Direction is “From Devices”) or a custom network IP subnet specified in CIDR format (if Direction is “To Devices”), e.g. 192.168.0.0/24
    • Destination: As with the Source, depending on the Direction selected previously, the Destination can be the custom network IP in CIDR format (if Direction is “From Devices”) or the SIMs (if Direction is “To Devices”)
    • Port range: Port (e.g. 80 for HTTP) or range of ports to be applied
    • Access: Whether traffic that matches the ACL is permitted or denied
    • Enabled: If the rule is not enabled, it is not applied to the traffic.

Note:

    • If the list of ACLs is empty, then all traffic is allowed
    • If there is at least one Network ACL then all the traffic that is not explicitly allowed will be denied.

For example, to restrict the traffic in an internet & VPN network so that:

    • Devices can only talk HTTPS to the internet
    • There is remote access to the devices over SSH for management purposes (we’ll assume that they will be accessed from agents in the 192.168.0.0/24 LAN)
    • All other traffic is not allowed.

The Network Access Rules list would look like:

Type         Protocol  Direction     Source          Source Port(s)  Destination  Destination Port(s)  Access  Enabled
HTTPS        TCP       From Devices  SIMs            any             0.0.0.0      443                  Permit  Yes
SSH          TCP       To Devices    192.168.0.0/24  any             SIMs         any                  Permit  Yes
All Traffic  any       any           any             any             any          any                  Deny
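
To check a rule list before applying it, the sketch below models the evaluation described above: rules sorted by Order, disabled rules skipped, an empty list permitting everything, and a non-empty list denying whatever is not explicitly permitted. It is an added example, not the platform's own code. The names Rule, matches, evaluate and EXAMPLE_RULES, the Order values, first-match-wins evaluation and reading the table's 0.0.0.0 as 0.0.0.0/0 are assumptions; source ports are left out because every row uses "any".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Rule:
    order: int                        # lower value = higher priority
    direction: str                    # "from_devices", "to_devices" or "any"
    protocol: str                     # "tcp", "udp", ... or "any"
    remote: str                       # CIDR of the non-SIM side, or "any"
    ports: Optional[Tuple[int, int]]  # destination port range, None = any
    access: str                       # "permit" or "deny"
    enabled: bool = True              # disabled rules are never applied

def matches(rule, direction, protocol, remote_ip, dst_port):
    """True if one flow matches every field of the rule."""
    if rule.direction not in ("any", direction):
        return False
    if rule.protocol not in ("any", protocol):
        return False
    if rule.remote != "any" and \
            ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(rule.remote):
        return False
    if rule.ports is not None and not rule.ports[0] <= dst_port <= rule.ports[1]:
        return False
    return True

def evaluate(rules, direction, protocol, remote_ip, dst_port):
    """Return "permit" or "deny" for one flow."""
    if not rules:                      # empty list: all traffic is allowed
        return "permit"
    for rule in sorted(rules, key=lambda r: r.order):
        if rule.enabled and matches(rule, direction, protocol, remote_ip, dst_port):
            return rule.access         # assumption: first matching rule decides
    return "deny"                      # non-empty list: implicit deny

# The three rows of the example table. Order values are constructed, and the
# last row's blank Enabled cell is modelled as enabled.
EXAMPLE_RULES = [
    Rule(1, "from_devices", "tcp", "0.0.0.0/0", (443, 443), "permit"),
    Rule(2, "to_devices", "tcp", "192.168.0.0/24", None, "permit"),
    Rule(3, "any", "any", "any", None, "deny"),
]
```

In this model the SSH row, with its destination port left as "any" as in the table, matches every TCP port from 192.168.0.0/24; giving it a port range of (22, 22) narrows it to SSH only.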