MacStadium Firewall Configuration Guide

Firewalls are standard data center protection mechanisms designed to keep private networks safe from malicious actors. That’s why every MacStadium private cloud deploys with a dedicated Cisco firewall to provide unmatched protection and enhanced security for your entire infrastructure.  

By precisely configuring your firewall to match your specific needs, you can extend and enhance its protective efficiency. MacStadium dedicated firewalls give your security teams root access to the firewall and the ability to configure settings to their specifications. MacStadium customers can take the basic building blocks of our firewall configuration and build their own custom plan.

Getting Started

Many customers simply submit a ticket via the MacStadium portal with their firewall configuration requests. However, they can also choose to have as much control and influence over their firewall implementations as they desire. This guide describes some of the most popular configuration and customization options available to MacStadium customers.

For information concerning what firewall options MacStadium offers, please see MacStadium Firewall Options.

Configuring Access

Once you submit a private cloud request, the MacStadium provisioning team will create a ticket accessible via the MacStadium portal that contains your connection information.  

The IP plan contains necessary information including how to gain access to your private cloud, instructions for accessing your vCenter client (unless you requested a bare metal implementation), your IP allocation, and your host assignments.

Setting up Access with a Remote Access Virtual Private Network (VPN)

For security reasons, outside access to your firewall is blocked by default. Our recommended method, and the one most MacStadium customers follow, is to access your private cloud via a Remote Access Virtual Private Network (VPN).


A Remote Access VPN is the easiest way to securely connect to your MacStadium private cloud. The recommended method of doing this is via the AnyConnect client. You can find instructions for configuring and connecting to your Cisco AnyConnect Secure Mobility Client here:

Configure Cisco AnyConnect Secure Mobility Client

If your connection information mentions Group Authentication, then you can configure an IPSec VPN connection. Instructions for doing so on macOS and Windows installations follow:

Setup a VPN Connection from macOS

Setup a VPN Connection from Windows

vCenter Login


This tutorial (images only) will walk you through deploying a virtual machine using the VMware web client. For more information concerning VMware and the VMware vCenter Server Virtual Appliance (vCSA), see the VMware Quick Start Guide.

IP Allocation and Host Assignments


MacStadium defines four basic interface types for customer use.

1. Outside: External firewall management addresses

2. Inside: /28 range  

3. ESXi-MGMT: Reserved for vCenter & ESXi hosts (should not have public IP addresses)

4. Private: Random private range assigned for your use – by default no outside access allowed

Which interfaces appear in your initial connection information on the MacStadium portal depends on your private cloud configuration request. For instance, if you chose a bare metal implementation, you won’t have information concerning ESXi management and vCenter.
