Configuring Firewall Rules

Once Network Protection is active for your origin server, you can begin defining Firewall Rules — the policies that decide which packets are allowed through to your origin and which are dropped at GatewaySentry's edge. Firewall rules operate at the IP layer, so they apply to all traffic, regardless of protocol.

This guide is a complete reference covering every field, option, and behavior in the firewall editor.

Prerequisite: This guide assumes you've already set up a Network Protection staple IP. If you haven't, see Adding Network Protection first.


How Firewall Rules Work

Each staple IP has its own firewall — an ordered list of rules evaluated top-to-bottom, where the first matching rule wins. As soon as a packet matches a rule, the rule's action (Accept or Drop) is applied and no further rules are evaluated for that packet.

If no rule matches a packet, the default policy decides what happens.

Concept         Purpose
Rules           Per-direction, per-protocol decisions about which traffic is allowed
Default policy  What to do with any traffic not matched by a rule above
WHEN            Match conditions (direction, protocol, ports, IP, connection state)
DO              Action to take when the rule matches (Accept or Drop)

Top-to-bottom, first match wins. This is different from Web Protection's Flow Rules, which can stack Continue rules on top of each other. Firewall rules are exclusive — once one matches, that's the decision.
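
The sketch below is an added example, not GatewaySentry code. It models first-match-wins evaluation with a default policy and flags rules that can never fire because an earlier, broader rule already covers them. The Rule schema, field names, and sample rules are hypothetical; it assumes IPv4 sources and leaves out connection state.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:  # hypothetical schema, not the product's rule format
    name: str
    action: str                      # "accept" or "drop"
    direction: str = "any"           # "in", "out" or "any"
    protocol: str = "any"            # "tcp", "udp", "icmp" or "any"
    ports: range = range(0, 65536)   # contiguous destination port range
    source: str = "0.0.0.0/0"        # IPv4 CIDR

    def matches(self, pkt):
        return (self.direction in ("any", pkt["direction"])
                and self.protocol in ("any", pkt["protocol"])
                and pkt.get("port", 0) in self.ports
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.source))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (self.direction in ("any", other.direction)
                and self.protocol in ("any", other.protocol)
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop
                and ipaddress.ip_network(other.source).subnet_of(ipaddress.ip_network(self.source)))

def evaluate(rules, default_policy, pkt):
    """Top-to-bottom, first match wins; the default policy applies if nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default_policy, "default policy"

def shadowed(rules):
    """(later, earlier) pairs where the later rule is unreachable."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if earlier.covers(later)]

# Constructed sample: the broad drop sits above the narrow accept it was meant to except.
RULES = [
    Rule("drop-all-tcp-in", "drop", "in", "tcp"),
    Rule("allow-ssh-from-office", "accept", "in", "tcp", range(22, 23), "203.0.113.0/24"),
    Rule("allow-dns-out", "accept", "out", "udp", range(53, 54)),
]
SSH = {"direction": "in", "protocol": "tcp", "port": 22, "src": "203.0.113.7"}

if __name__ == "__main__":
    print(evaluate(RULES, "drop", SSH))   # the narrow accept never gets a chance
    print(shadowed(RULES))                # reports which rule hides which
```

Moving the narrow accept above the broad drop makes the same packet match the accept first, and the shadow report comes back empty.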


Walkthrough

Follow these steps in order to add and apply a firewall rule.

  1. Step 1 — Open the Firewall Editor
  2. Step 2 — Configure the Default Policy
  3. Step 3 — Add a New Rule
  4. Step 4 — Apply Your Changes

Reference


Operations


Guidance

  • Best Practices — Recommendations for ordering, defaults, stateful rules, and rollouts.
  • Troubleshooting — Common issues and how to resolve them.

Need Help?

If you run into unexpected blocks or need help designing a firewall policy for a specific service, please reach out to GatewaySentry Support.

