The Active category provides tools to actively push security settings to devices
The firewall tool provides the option to push and manage firewall rules on devices directly from Connect dashboard.
Using the firewall tool, you can set default network policies and specific network rules for the entire fleet or a dedicated device.
For each policy/rule you must set a name. The name must be unique to other policies/rules. You will later apply those policies/rules on your devices based on that name, therefore we recommend setting the name as indicative of the actual policy/rule.
Policies - When setting a policy, the action will influence all network data according to the policy traffic direction you set. The possible traffic directions are: INBOUND, OUTBOUND. The possible actions are: ACCEPT, BLOCK.
example: Creating a policy with the traffic set to INBOUND and the action set to BLOCK, will block all the traffic that gets into your device.
Rules - When setting a rule, the action will influence the network data based on all other parameters you set for that rule. The possible parameters are:
Action - the action on the network. Can be either ACCEPT or BLOCK.
Traffic - the traffic direction of the network data. Can be either INBOUND or OUTBOUND.
Protocol - the protocol this rule will apply on. Can be all (for all protocols), tcp, udp or icmp.
Port - the port this rule will apply on. If left blank, all ports will be applied.
Address - the address this rule will apply on. Can be a domain name or IP address. If domain is entered, the domain will be resolved to IP address on Connect servers and the rule will be applied on the resolved IP address. If the domain has multiple IP addresses, the first resolved one will be applied. Local domains are currently not supported. If left blank, all addresses will be applied.
example: Creating a rule with the traffic set to INBOUND, the action set to BLOCK, the protocol set to tcp, the port set to 22, and address left blank, will block all the tcp traffic that gets into your device on port 22 (usually ssh traffic).
The Firewall tool uses the iptables binary for applying the rules. Your device must have iptables to use this tool
Using the Firewall tool is your responsibility to completely understand the tool and the consequences of using it.
Wrong applied rules can make your device unreachable or bricked.
The device agent will pull the firewall configuration file at every reboot and apply the selected policies/rules. If something goes wrong, the agent will reset the policies to ACCEPT.
OS Security Updates
The OS Security Update tool lets you deploy, manage and monitor system security updates on your devices with a single click.
To deploy an OS security update, choose the devices you would like to be updated, select the Package Manager that is installed on your devices and click on the "Deploy security update" button.
The selected devices will receive the update as soon as possible (immediately or if they are offline, as soon as they turn on).
To view the progress of the update, click on the Update Details column in the Security updates history table.
The chosen Package Manager must be installed on the selected devices. It won't be installed during the update if missing.
The update may take some time, depends on the internet connection your devices have and the number of packages that are being updated. The update can take between few minutes to over an hour.
The selected devices will be rebooted right after the update finishes. If an error occurred during the update, you will be able to view the error message and the device will not reboot.
Devices that already have a Security update in pending state (can happen if a device is offline) will not receive new Security update deployments. As soon as they turn back online, they will receive that update.
Currently, the only supported package manager is apt. During the update, the command apt upgrade will be executed.
The update might break stuff, system packages will be updated and if your application has dependencies, it might influence it.
Using the OS Security update tool is your responsibility to completely understand the tool and the consequences of using it.