ANS Documentation

Improve This Doc
  • Cloud
  • Domains and DNS management
  • Backup and High Availability
  • eCommerce Stacks
  • Security
  • Email
  • Monitoring and usage management
  • Networking
    • Content Delivery Network
    • Colocation
    • Firewalls
      • Accessing your firewall configuration through MyUKFast
      • Enabling ICMP traffic to UKFast servers
      • Managing ports on your shared firewall
      • How to secure your shared firewall
      • Managing ports your dedicated firewall
      • The Access List - Single VLAN
      • The Access List - Multi VLAN
      • How to secure your dedicated firewall
      • Scheduling a dedicated firewall reboot
      • UKFast-supported VPNs
      • VPN Dashboard
      • Remote Access VPN Dashboard
      • Site To Site VPN Dashboard
      • User Administration For AnyConnect VPN
      • Two factor authentication (2FA) VPNs
      • VPN capacity on UKFast dedicated firewalls
    • Classic Load Balancers
    • Load Balancers
    • Policy
    • How to set up a Multi-Protocol VPN Server using SoftEther
  • Operating systems
  • Webcelerator
  • MyUKFast
  • Home >
  • Cloud >
  • eCloud Public >
  • Firewalls >
  • How to secure your shared firewall

How to secure your shared firewall¶

Your firewall is your first line of defence against malicious actors on the public internet. The best way to keep your server secure from attackers is to make sure they get blocked by your firewall.

Sometimes the more advanced firewall features are disabled by default. If you see a message like the following when attempting to use a feature you need, please do hit the “Request Access” button and we’ll be alerted to your request.

Not configured

Locking down vital services to Admin IPs only¶

There are often services that you as the server owner will want to control access too. Common examples are SSH, RDP, MySQL, or even your control panels like Plesk or cPanel/WHM. While you and your authorised contacts need to access these, in general the rest of the internet does not. Leaving them open to the world allows attackers to attempt to exploit them.

Fortunately, there is an easy way to stop this. If you know the IPs you want to authorise, you can lock down these admin services on your firewall so only your authorised admin IPs are able to see these vital services.

To do so, you can add your authorised admin IPs in the Admin Config tab:

Add an admin IP

Then in the Admin Port Config tab, you can configure port rules which apply only to your admin IPs. This is the same interfaces as the standard Port Config tab.

Blocking an IP¶

There are some situations where the best solution is to block an IP entirely. On the UKFast shared firewall you can do this under the Block Config tab of your firewall interface. It looks like this:

Block an IP on shared firewall

You can simply add a single IP and Save Changes, and any future connections from that IP will be dropped by your firewall.

Our interface also allows you to add subnet ranges. If you are not familiar with how subnets work, they basically allow you to block a number of IPs in the same subnet range, by using a subnet mask. While it’s possible to learn how to these ranges by hand, it is easy to use the many online tools, like this one from MXtoolbox.

Warning

UKFast is not responsible for the performance of 3rd party software or testing tools.

Next Article > Managing ports your dedicated firewall

  • Useful Links
  • SMB
  • Enterprise
  • Channel
  • Public Sector
  • ANS Data Centres
  • About ANS
  • Careers
  • Blog
  • Get in touch
  •  
  • Sales 0800 458 4545
  • Support 0800 230 0032
  • Get in touch

© ANS Group Limited | Terms and Conditions | Corporate Guidance | Sitemap
ANS Group Limited, registered in England and Wales, company registration number 03176761, registered office 1 Archway, Birley Fields, Manchester M15 5QJ