
Security Center: Create a network object

Last Updated: Apr 09, 2024

To use the container firewall feature of Security Center, you must create a source network object and a destination network object and then create defense rules. This topic describes how to create a network object.

Limits

Only the Ultimate edition of Security Center supports this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center.

Prerequisites

The malicious behavior defense feature is enabled for your assets. For more information, see Use the proactive defense feature.

Procedure

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose Protection Configuration > Container Protection > Container Firewall.

  3. On the Container Firewall page, click the Network Object tab.

  4. On the Network Object tab, click Create Network Object.

  5. In the Create Network Object panel, configure the parameters. The following table describes the parameters.

    | Parameter | Description |
    | --- | --- |
    | Object Name | Enter a name for the network object. |
    | Namespace | Select or enter the namespace to which the network object belongs. Note: You can enter the namespace of a cluster. Fuzzy match is supported. Example: a*. |
    | Application Name | Select or enter the name of the application to which the network object belongs. Note: You can enter the tag value of a pod whose tag key is app. Fuzzy match is supported. Example: a*. |
    | Image | Select or enter the image of the network object. |
    | Tag | Select or enter the tag of the pod that you want to protect. You can select one or more tags. |

  6. Click OK.

    The created network object is displayed on the Network Object tab.

    • You can find the network object and click Edit or Delete in the Actions column to modify or delete the network object.

    • You can also select multiple network objects and click Batch delete below the network object list to delete them at the same time.

      Note

      You can delete a network object only if the network object is not added to a defense rule.

What to do next

After you create a source network object and a destination network object, you can create a defense rule to control traffic from the source network object to the destination network object. You can use the defense rule to allow, block, or generate alerts for unusual traffic from the source network object to the destination network object. For more information, see Create a defense rule.