Firewall

Firewall management on embedded edge devices

The firewall is used to configure input and output ports of the remote embedded devices. The current functionality is developed to satisfy most user demands. If you need more detailed firewall configurations it is possible to create those by using specific scripts to set the firewall from there.

!qbee-firewall-configuration1

Just define the firewall rules your application needs. With qbee the standard setting usually is "drop all". Then your device is well protected but you still can use the qbee VPN to get remote access to any port. So please note that you do not need to open any port on your remote edge device to be able to use the remote access functions. They get initiated by the remote device sending an outbound https request on port 443.

Even if drop all is selected qbee and the qbee VPN will still work

It is possible to configure the firewall with default policy "drop". qbee and remote access will work independent of this. This is recommended for security reasons.

Rules can be created for TCP or UDP. It is possible to limit the IP access range or use "ANY" in order to allow any IP to connect.

CIDR notation to support subnet ranges are supported

qbee supports CIDR notation for subnets, thus it is possible to use 192.168.100.0/24 to allow only devices from the ip range 192.168.100.0 to 192.168.100.255. More information on CIDR notation.

Another practical feature is that you can access a list of all open ports on any device by pressing the "show open ports" button.

!qbee-firewall-configuration-open-ports