All Products
Search
Document Center

Security Center:Manage the defense status and defense rules of a cluster

Last Updated:May 21, 2024

After you create defense rules for a cluster, you can enable or disable defense for the cluster. You can also enable, disable, and modify the defense rules of the cluster. If you no longer need a defense rule, you can delete it. This topic describes how to enable, disable, modify, and delete a defense rule.

Prerequisites

A defense rule is created for your cluster. For more information, see Create a defense rule.

Background information

The defense rule that is created for the cluster can take effect only when the blocking status of the cluster is normal. If the blocking status is abnormal, you must troubleshoot the issue. For more information, see Troubleshoot the issues causing the abnormal blocking status of a cluster.

Manage the defense status

  1. Log on to the Security Center console.

  2. In the left-side navigation pane, choose Protection Configuration > Container Protection > Container Firewall.

  3. On the Container Firewall page, click the Protection Management tab.

  4. In the cluster list of the Protection Management tab, find the cluster for which you want to manage the defense status.

    Turn on or turn off image or 开关 in the Defense Status column. You can also select multiple clusters and click Batch Enable or Batch Disable below the list to manage the defense status for multiple clusters.

    Important

    You can enable defense rules for a cluster only when Normal is displayed in the Interceptable Status column of the cluster. If Abnormal or Normal to Be Confirmed is displayed in the Interceptable Status column, you cannot enable defense rules for the cluster. For more information about how to troubleshoot the issues that cause the abnormal status in the Interceptable Status column, see Troubleshoot the issues causing the abnormal blocking status of a cluster.

Manage a defense rule

  1. Log on to the Security Center console.

  2. In the left-side navigation pane, choose Protection Configuration > Container Protection > Container Firewall.

  3. On the Container Firewall page, click the Protection Management tab.

  4. In the cluster list of the Protection Management tab, find the cluster for which you want to manage defense rules.

    1. Click Rule Management in the Actions column to go to the Defense Rule panel.

    2. In the defense rule list of the Defense Rule panel, find the defense rule that you want to manage.

      • Enable or disable the defense rule

        Turn on or turn off image or 开关 in the Enabling Status column.

        You can also select multiple defense rules and click Batch Enable or Batch Disable below the list to enable or disable the defense rules at a time.

      • View the details of the defense rule

        Click Details in the Actions column to go to the Details panel. In the Details panel, view the configurations of the source network object and destination network object, and other details of the defense rule.

      • Modify the defense rule

        Click Edit in the Actions column to go to the Edit Rule panel. In the Edit Rule panel, modify the defense rule.

        Note

        Modifications to the defense rule take effect within 1 minute.

      • Delete the defense rule

        Click Delete in the Actions column to delete the defense rule.

        You can also select multiple defense rules and click Batch Delete below the list to delete the defense rules at a time.

        Note

        The defense rule is deleted within 1 minute.