The internal firewall

Mostly used for advanced configurations, where nodes are placed in locations facing internet traffic, there is a built-in firewall in Control Center.

You access the firewall configuration in the domain configuration dialog for each node.

Opening domain configuration dialog:

Starting the firewall configuration GUI.

There are three sections to the firewall.

Domain Discovery

When connecting a dbWatch Monitor to a node, it will by default provide a list of its known domains and you can select wich one to (attempt to) join. If Domain Discovery is turned off, the list will not be provided and the user has to enter the domain manually.


Specifies what domains this node will forward certificates for. This is typically used for a node that works as a cloud router.


The rules section allows you to add IP addresses and ranges to allow or deny. The list starts at the top and either allows or denies based on the rules.

The default setup is to have three rules:

Action From host Limit

The first rule is explicit allowing connections from IP (only this IP), limiting to 100 max connections.
The second rule is allowing all IP addresses, limiting to 100 max connections.
The third rule is denying all connections not hit by any of the above rules (which in this case would be none)

The idea is to replace the rule with either a specific with an address in the CIDR address notation. ( for, of only the IP etc)


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment