Firewall

All qbee.io configuration management options can get accessed through the "Configuration" function. Please see the "Configuration management" section for additional information. It resides under "security".

The firewall is used to configure input and output ports of the embedded devices. The current functionality is developed to satisfy most user demands. If you need more detailed firewall configurations it is possible to create those through our Ansible integration. By default qbee opens its own port from the inside. This is a pull based approach and allows communication through most company firewalls and NATs. So usually the firewall can be configured with default policy "drop" and qbee will work anyhow. The same is true for all remote access to the devices. Both the remote shell access and the remote access to any port do not demand any open ports in the firewall. All this is handled by the qbee agent through its own VPN. This communciation is running over port 443 which is triggered from the inside and then waiting for the qbee server to communicate back. This is all based on secure https communication.

Info

It is possible to configure the firewall with default policy "drop". qbee and remote access will work independent of this.

Rules can be created for TCP or UDP. It is possible to limit the IP access range or use "ANY" in order to allow any IP to connect. The following example shows a firewall configuration that drops all connections by default but allows HTTPS access through port 443. This could be used for allowing external web server access.

qbee-firewall-configuration1

So it is possible to drop all and define custom rules which allow access or accept all and drop or reject certain ports.

Tip

This example opens external HTTPS access to the device. This is potentially dangerous as it weakens the security concept. With qbee-connect you would be able to provide the same access without exposing any external ports since it is routed through the qbee VPN.