
Network ACL (NWACL)

What are Network ACLs (NWACL)?

A Network ACL (NWACL) is associated with a VPC-Network and provides fine-grained network access control for that VPC-Network.

Each Network ACL (NWACL) consists of a list of Rules (NWACL Rules), similar to firewall rules, that “Allow” or “Deny” “Incoming” or “Outgoing” network traffic.

NWACL Rule

Each NWACL Rule is automatically assigned an “ID” by the system; the ID cannot be modified.

For each NWACL Rule you can also:

  • specify a Name
  • specify a Sequence number
    • Sequence numbers determine the order in which rules are executed.
    • Lower Sequence numbers have higher priority and are executed first.
  • select whether the rule will “Allow” or “Deny” network traffic
  • select whether the rule applies to “Incoming” or “Outgoing” network traffic
  • select a Protocol: TCP, UDP or Ping
  • specify the application Port number (22, 80, 8080, etc.)
  • specify Network IP(s) or Subnets

The following operations are permitted on NWACL Rules:

  • Add new Rule(s).
  • Copy an existing Rule to create a new Rule, which is automatically assigned a unique “ID”.
  • Delete a Rule (Saved or Submitted).
  • Modify a non-Submitted Rule.
  • Save a modified Rule.
    • A “Saved” Rule is not applied to your VPC-Network.
    • It must be “Submitted” to be applied to your VPC-Network.
  • Submit a Rule.
    • A “Submitted” Rule is applied to the Network.
    • A “Submitted” Rule cannot be:
      • modified.
      • re-Submitted.
    • A “Submitted” Rule can be:
      • deleted.
      • copied to create a new un-Submitted and un-Saved Rule.
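The rule fields and the Saved/Submitted lifecycle above can be checked against a small evaluator. The following is an added example, not code from this product or its documentation: it sorts Submitted rules by Sequence number, ignores Saved ones, and reports which rule decides a given flow. First-match semantics and a default of Deny when no rule matches are assumptions made here; the page does not state them. The rule set is constructed for illustration.

```python
# Added example: minimal evaluator for the NWACL rule model described above.
# Assumptions (not stated on the page): first matching rule wins, and a flow
# matched by no Submitted rule is denied.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class NwaclRule:
    rule_id: int          # assigned by the system, never modified
    name: str
    sequence: int         # lower value = higher priority, executed first
    action: str           # "Allow" or "Deny"
    direction: str        # "Incoming" or "Outgoing"
    protocol: str         # "TCP", "UDP" or "Ping"
    port: Optional[int]   # application port; None for Ping
    network: str          # IP or subnet in CIDR notation
    state: str = "Saved"  # only "Submitted" rules are applied to the network

def matches(rule, direction, protocol, port, remote_ip):
    """True if the rule's selectors cover this flow."""
    if rule.direction != direction or rule.protocol != protocol:
        return False
    if rule.protocol != "Ping" and rule.port != port:
        return False
    return ip_address(remote_ip) in ip_network(rule.network, strict=False)

def evaluate(rules, direction, protocol, port, remote_ip):
    """Return (action, rule_id) of the first Submitted rule that matches,
    walking rules in ascending Sequence order; ("Deny", None) if none match."""
    applied = sorted((r for r in rules if r.state == "Submitted"),
                     key=lambda r: r.sequence)
    for r in applied:
        if matches(r, direction, protocol, port, remote_ip):
            return r.action, r.rule_id
    return "Deny", None

# Constructed sample rule set: a narrow Deny sequenced before a broader Allow,
# plus a Ping rule that is only Saved and therefore has no effect.
RULES = [
    NwaclRule(101, "allow-ssh-office", 200, "Allow", "Incoming", "TCP", 22, "203.0.113.0/24", "Submitted"),
    NwaclRule(102, "deny-ssh-one-host", 100, "Deny", "Incoming", "TCP", 22, "203.0.113.7/32", "Submitted"),
    NwaclRule(103, "allow-web", 300, "Allow", "Incoming", "TCP", 80, "0.0.0.0/0", "Submitted"),
    NwaclRule(104, "allow-ping", 50, "Allow", "Incoming", "Ping", None, "0.0.0.0/0", "Saved"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "Incoming", "TCP", 22, "203.0.113.7"))     # ('Deny', 102)
    print(evaluate(RULES, "Incoming", "TCP", 22, "203.0.113.9"))     # ('Allow', 101)
    print(evaluate(RULES, "Incoming", "Ping", None, "198.51.100.1")) # ('Deny', None)
```

The third call shows why the Saved/Submitted distinction matters: rule 104 has the lowest Sequence number but is never consulted until it is Submitted.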