firewall setup

The servers in your application sit behind a comprehensive firewall solution. Each visitor's address is checked against the firewall rules in the categories assigned to the server, and if the IP address matches a filter, access is granted.

Server zones are decided at the time of commissioning; moving a server to a different zone would require re-commissioning that server.

It is not possible to open up access at one level and restrict it at another level; the least restrictive rule will always apply.

There are 4 levels of filtering, logically becoming less restrictive as they go. These are outlined below.

maintenance zone

This is the zone that allows the Kane IT systems team to access a server to perform maintenance and to allow the monitoring tools to access the server for status information. This is the most restrictive firewall set and all servers are assigned to this zone.

core zone

All of the servers assigned to your account are members of this zone. All servers within this zone can communicate amongst themselves. You can define rules at this level to give your organisation access to your servers that the world does not have. The default for this zone is to allow SSH access over port 22 to the world.

web, application and database zones

Depending on the role of the server, you can control the specifics of the access assigned by your organisation. The default assignment for the web zone is to open ports 80 and 443 to the world. No additional access is assigned to the application or database zone.

specific instance

An individual instance can be configured to allow additional access specific to it.
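
The following is an added example, not part of the firewall product or this page's own tooling. It models the "least restrictive rule always applies" behaviour as a union of allow rules across the levels, so you can review what a server is actually exposed to. Only the world-facing defaults (22, 80, 443) come from the page; the maintenance and office networks, the port 5432 rule and all function names are constructed assumptions.

```python
import ipaddress

WORLD = "0.0.0.0/0"

# Constructed rule sets as (source network, port). Only the world-facing
# defaults are taken from the page; the maintenance network is a placeholder.
ZONES = {
    "maintenance": [("192.0.2.0/24", 22)],        # hypothetical systems-team network
    "core":        [(WORLD, 22)],                  # page default: SSH to the world
    "web":         [(WORLD, 80), (WORLD, 443)],    # page default for the web zone
    "application": [],                             # no additional access by default
    "database":    [],                             # no additional access by default
}

def effective_rules(role, instance_rules=()):
    """Union of the allow rules from every level that applies to one server."""
    return ZONES["maintenance"] + ZONES["core"] + ZONES[role] + list(instance_rules)

def is_allowed(rules, src_ip, port):
    """Access is granted if any single rule matches; no level can deny."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(net) and port == p for net, p in rules)

def world_open_ports(rules):
    """Ports reachable from any address, for an exposure review."""
    return sorted({p for net, p in rules if net == WORLD})

if __name__ == "__main__":
    # Database server with a hypothetical instance rule for an office network.
    db = effective_rules("database", [("198.51.100.0/24", 5432)])
    print("db  SSH from internet:", is_allowed(db, "203.0.113.9", 22))
    print("db  5432 from internet:", is_allowed(db, "203.0.113.9", 5432))
    print("db  5432 from office:", is_allowed(db, "198.51.100.7", 5432))
    print("web world-open ports:", world_open_ports(effective_rules("web")))

    # A narrower SSH rule on the instance does not remove the core zone's
    # world-wide SSH rule: the broader rule still matches.
    narrowed = effective_rules("database", [("198.51.100.0/24", 22)])
    print("narrowed SSH from internet:", is_allowed(narrowed, "203.0.113.9", 22))
```

Because the levels only ever add access, tightening SSH exposure has to happen at the core zone rule itself, not on the instance.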
