Configure Access Controls for Virtual Devices


Network Edge users can control traffic to their virtual devices by applying access control list (ACL) templates. An ACL template is one of the services for Network Edge and it defines rules to permit specific inbound traffic to the virtual devices. The ACL template is not directly applied to the virtual device. Instead, it is applied to a gateway device where the virtual device WAN/Management interfaces are connected. Before the ACL template is applied, a specific set of ports and protocols (including DNS, NTP, license server communication, and SD-WAN controller communication) are allowed for virtual devices. The ACL template allows users to efficiently create an additional set of allowed network communications for their deployment. A single template can be applied to multiple Network Edge VNFs. Applying a template is a mandatory step in device creation.

Create an ACL Template

  1. Log in to the Equinix Fabric portal.
  2. Click Network Edge and select Access Management.
  3. Click Create New ACL Template.

  4. In the Basic Details section:

    • Template Name – Enter a name for the template.
    • Template Description – Enter a brief description of the template.
  5. Use the DNS Lookup Tool to find IP addresses for fully qualified domain names (FQDNs).

    • Select a DNS resolution source metro location. FQDNs with content delivery network (CDN) subnets can change based on metro location.
    • Enter the FQDN in the DNS Lookup section and start searching. A list of resolved IP addresses will display.
    • Click Add Rule to add the IP address.
  6. Finish creating the rule(s):

    • IP Address Subnet – Use the auto-populated results you selected using the DNS Lookup Tool or type the subnet / IP Address manually. The subnet syntax is x.x.x.x/xx. For a single IP address, use syntax x.x.x.x/32.
    • Protocol – Select IP, TCP, or UDP.
    • Source Port or Range – Enter the source port or range. (The port value can be 10 numbers separated by commas, a range between 10 and 20, or 'any'.)
    • Destination Port or Range – Enter the destination port or range. (The port value can be 10 numbers separated by commas, a range between 10 and 20, or 'any'.)
    • Description (Optional) – Enter a description for the inbound rule. (The description can be up to 200 characters.)
  7. When you are finished adding rules, click Create Template.

Tip: Equinix recommends defining specific IP addresses, source subnets, sources, and destination ports / ranges to minimize the attack surface exposed to malicious activity.

SSH traffic needs to be specifically permitted to allow users to access a virtual device remotely using the SSH protocol.
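
The rule fields in step 6 and the tip above can be checked before a rule is typed into the portal. The Python below is an added example, not Equinix code or an Equinix API: it validates rule entries against the subnet and port syntax described above and flags rules broader than the tip recommends. The dictionary keys, the low-high range notation, and the reading of "10 numbers" as an upper limit are assumptions.

```python
import ipaddress

PROTOCOLS = {"IP", "TCP", "UDP"}  # choices offered by the Protocol field
MAX_PORTS = 10                    # assumption: "10 numbers" is an upper limit

def parse_ports(value):
    """Return None for 'any', else a list of (low, high) spans; ValueError if malformed."""
    value = value.strip().lower()
    if value == "any":
        return None
    if "-" in value:  # assumption: a range is typed as low-high
        low, high = (int(p) for p in value.split("-", 1))
        spans = [(low, high)]
    else:
        spans = [(int(p), int(p)) for p in value.split(",")]
        if len(spans) > MAX_PORTS:
            raise ValueError("more than 10 ports listed")
    if any(not 1 <= lo <= hi <= 65535 for lo, hi in spans):
        raise ValueError("port outside 1-65535 or reversed range")
    return spans

def lint_rule(rule):
    """Return findings for one inbound rule dict; an empty list means nothing to flag."""
    try:
        if "/" not in rule["subnet"]:
            raise ValueError("subnet needs an explicit prefix length")
        net = ipaddress.IPv4Network(rule["subnet"])  # strict: rejects host bits set
        parse_ports(rule["src_ports"])
        dst = parse_ports(rule["dst_ports"])
    except ValueError as exc:
        return [f"invalid rule: {exc}"]
    findings = []
    if rule["protocol"] not in PROTOCOLS:
        findings.append("unknown protocol")
    if net.prefixlen == 0:
        findings.append("source is any address")
    if rule["protocol"] != "IP" and dst is None:
        findings.append("destination port is 'any'")
    ssh_open = dst is None or any(lo <= 22 <= hi for lo, hi in dst)
    if rule["protocol"] == "TCP" and ssh_open and net.prefixlen == 0:
        findings.append("SSH reachable from any address")
    return findings

# Constructed sample rules (documentation address ranges), not from a real template.
RULES = [
    {"subnet": "198.51.100.7/32", "protocol": "TCP", "src_ports": "any", "dst_ports": "22"},
    {"subnet": "0.0.0.0/0", "protocol": "TCP", "src_ports": "any", "dst_ports": "any"},
    {"subnet": "203.0.113.9/24", "protocol": "UDP", "src_ports": "any", "dst_ports": "500,4500"},
]
for r in RULES:
    print(r["subnet"], lint_rule(r) or "ok")
```

The third sample rule is rejected because 203.0.113.9/24 has host bits set; the subnet form would be 203.0.113.0/24, or 203.0.113.9/32 for the single address.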

The ACL is a prioritized list. To change priority, drag and drop an item by clicking next to the Description (Optional) field.

You can change a pre-defined template and save it as a new ACL template. Select a template in the Select a template drop-down menu, and then edit the Basic Details and Inbound Rules as needed.

Search ACL Templates

When you view the Access Management page, you see a list of all your ACL templates. If you want to locate a specific template, use the search field to narrow down the list. Enter the template name or the UUID in the search field.

Apply an ACL Template to Existing Devices

A single ACL template can be applied to multiple devices.

  1. Click Network Edge and select Virtual Inventory.
  2. Select the device.
  3. Click Additional Services.
  4. In the Access Management section, click Edit.
  5. Select a template in the Select Access Control List Template drop-down.
  6. Click Update.

Access your templates by clicking Network Edge and selecting Access Management. The template list shows each template, the number of devices the template is applied to, the date the template was created, and the template creator. Click on a specific template to view template details, inbound rules, and the specific device(s) the template is applied to.

Remove an ACL Template from a Device

After a device has been provisioned, the applied ACL can be removed from the device completely, isolating the device from the public network. To remove the ACL template from your provisioned device:

  1. Click Network Edge and select Virtual Inventory.
  2. Select the device.
  3. Click Additional Services.
  4. In the Access Management section, click Edit.
  5. Click Remove.
  6. Click Update.