How to Securely Add Monitoring IPs to Your Firewall
Introduction: Monitoring your infrastructure is essential for maintaining performance and security. Many businesses rely on external monitoring services to track uptime, performance, and potential security issues. For these services to work, your firewall has to allow connections from the provider’s IP addresses to the hosts and ports being checked. In this guide, we cover practical tips on adding monitoring IPs to your firewall so that checks run reliably without opening your network any wider than necessary.
Why Add Monitoring IPs to Your Firewall?
Firewalls are a critical line of defence for network security, blocking unauthorized access. For monitoring tools to do their job, their IP addresses must be allowed to reach specific hosts and ports. That access lets the tools collect metrics, run tests, and notify you of issues. Allowing only the monitoring service’s published IP addresses, and only on the ports it uses, keeps the exposure small. Keep in mind that an IP allow list is not authentication: a provider’s probe addresses are typically shared by all of its customers, so any endpoint you expose this way should still require its own credentials or token.
10 Tips for Adding Monitoring IPs to Your Firewall
1. Collect a List of Monitoring IPs and Ports
- Get an up-to-date list of all the IP addresses from your monitoring provider that need access.
- Identify which ports and protocols each IP needs access to. Commonly used ports are 80 and 443 (HTTP and HTTPS) or custom ports depending on the service. Note the direction as well: checks that connect to your hosts need an inbound rule, while an agent that pushes data to the provider needs an outbound rule to the provider’s endpoints instead.
2. Implement Least-Privilege Access
- Grant access only to the necessary IPs and ports required by the monitoring service. Avoid using wide IP ranges or allowing access to all ports, which can expose your system to unnecessary risks.
3. Use Specific IPs or CIDR Ranges
- Only allow traffic from known, trusted IP addresses or CIDR blocks. If the monitoring provider has multiple IPs or IP ranges, add only those instead of broad, unrestricted ranges.
4. Organize Custom Firewall Rules for Monitoring IPs
- Create rules in your firewall specifically for monitoring IPs, organized and labelled for clarity. This makes it easier to manage, review, and update these rules when needed.
5. Enable Logging and Alerts for Monitoring IPs
- Enable logging for these rules so that you can see the access and activity from the monitoring IPs. Alert on anything unusual from these addresses, such as connection attempts to ports the rule does not cover or a sudden change in request volume, which could indicate a compromise at the provider or a stale IP that has been reassigned to someone else.
6. Regularly Review and Update Rules
- Monitoring providers occasionally change or add IP addresses, so make it a habit to review and update the firewall rules periodically. Remove outdated IPs to keep your configuration clean and secure.
7. Set Up Rate Limiting (If Supported)
- If your firewall supports rate limiting, consider applying it to the monitoring IPs. This can prevent flooding or excessive requests, adding an extra layer of protection against misuse. Set the threshold well above the provider’s check frequency (number of probe locations multiplied by checks per minute); otherwise legitimate probes will be dropped and reported as outages.
8. Utilize Network Segmentation and Access Control Lists (ACLs)
- Where possible, expose the monitored endpoints (agents, status pages, health checks) from a dedicated network segment or DMZ rather than from your core network. Configure Access Control Lists (ACLs) at the network level so that the monitoring sources can reach only those systems and nothing else.
9. Test Access After Configuration Changes
- Once you’ve added monitoring IPs, confirm from the provider’s side (a test check or a probe from one of its locations) that the necessary services are reachable. Then test from an address that is not on the list, for example a cloud VM or a phone on a mobile connection, to confirm the firewall still blocks everyone else as expected.
10. Document All Firewall Changes
- Document your firewall rule changes, including the purpose of each rule, the specific IPs and ports involved, and the services they are accessing. Good documentation will aid in troubleshooting, compliance, and internal audits.
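As an added example (not code from this page or from any monitoring provider), the POSIX shell script below turns tips 2 to 7 into a concrete rule set and also serves the Linux iptables and UFW steps further down. Everything it assumes is an assumption for illustration rather than something the page states: an INPUT chain with a default DROP policy that already accepts ESTABLISHED,RELATED traffic, a monitoring agent listening on TCP 9100 alongside HTTPS on 443, a chain named MONITORING and a provider label example-provider. The addresses are constructed from documentation ranges, not a real provider’s list.

```shell
#!/bin/sh
# Added example (not from the page): build a dedicated, labelled iptables chain
# for a monitoring provider, with a sanity check on each source so a typo such
# as 0.0.0.0/0 can never open the monitored port to the whole internet.
# Assumptions (not from the page): INPUT policy DROP with an ESTABLISHED,RELATED
# accept already in place; chain name, provider label and ports as below.
CHAIN=MONITORING
PROVIDER="example-provider"

# valid_source ADDR[/PREFIX]: accept one IPv4 host or a CIDR no broader than /24.
valid_source() {
  addr=${1%/*}
  prefix=${1#*/}
  [ "$prefix" = "$1" ] && prefix=32          # no "/": a single host
  printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  oldifs=$IFS; IFS=.
  for octet in $addr; do                     # every octet must be 0-255
    [ "$octet" -le 255 ] || { IFS=$oldifs; return 1; }
  done
  IFS=$oldifs
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -ge 24 ] && [ "$prefix" -le 32 ]
}

# check_sources "SOURCES": refuse the whole list if any entry is malformed or too broad.
check_sources() {
  for src in $1; do
    valid_source "$src" || { echo "refusing malformed or over-broad source: $src" >&2; return 1; }
  done
}

# iptables_rules "SOURCES" "PORTS": print the commands so they can be reviewed
# (tip 10) and then piped to `sudo sh`.  Each ACCEPT carries a comment (tip 4)
# and a rate limit (tip 7); anything else that reaches the chain is logged
# (tip 5) and returned to INPUT, where the DROP policy discards it.
iptables_rules() {
  check_sources "$1" || return 1
  echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
  for src in $1; do
    echo "iptables -A $CHAIN -s $src -m limit --limit 60/minute --limit-burst 120 -m comment --comment 'monitoring: $PROVIDER' -j ACCEPT"
  done
  echo "iptables -A $CHAIN -m limit --limit 5/minute -j LOG --log-prefix 'MONITORING-DENY: ' --log-level 4"
  echo "iptables -A $CHAIN -j RETURN"
  # -C first makes the jump idempotent, so re-running does not stack duplicate jumps
  echo "iptables -C INPUT -p tcp -m multiport --dports $2 -j $CHAIN 2>/dev/null || iptables -I INPUT -p tcp -m multiport --dports $2 -j $CHAIN"
}

# ufw_rules "SOURCES" "PORTS": the same allow list for hosts managed with ufw.
ufw_rules() {
  check_sources "$1" || return 1
  for src in $1; do
    echo "ufw allow from $src to any port $2 proto tcp comment 'monitoring: $PROVIDER'"
  done
}

# Constructed input: replace with the list your provider publishes.
SOURCES="203.0.113.10 203.0.113.11 198.51.100.0/28"
PORTS="443,9100"
iptables_rules "$SOURCES" "$PORTS"
ufw_rules "$SOURCES" "$PORTS"
```

Run it unprivileged first and read the output, then feed it to a root shell. The chain never drops traffic itself: the LOG rule records whatever did not match an ACCEPT, and the INPUT policy does the blocking, so the script is safe on a host whose policy is ACCEPT but will not protect it either. If the log shows MONITORING-DENY entries for the provider’s own addresses, the rate limit is below the check frequency and should be raised. Persist the result with your distribution’s iptables save mechanism, as the iptables section below notes.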
Tips for adding our monitoring IPs to your firewall.
1. Windows Defender Firewall
How to Add an IP Address to the Allow List:
- Open Windows Defender Firewall with Advanced Security.
- Select Inbound Rules, then click New Rule in the Actions pane.
- Select Custom for the Rule Type and click Next.
- On the Protocol and Ports page, restrict the rule to the protocol and ports the monitoring service actually uses rather than leaving it at all ports.
- On the Scope page, under Remote IP address, select These IP addresses and click Add.
- Enter our monitoring IP addresses and click OK.
- Choose Allow the connection, select the profiles that apply, give the rule a descriptive name, and finish the wizard.
- Check that no existing rule already allows the same port from any address; if one does, this scoped rule adds nothing until the broader rule is tightened or removed.
Official Documentation:
2. Linux iptables
How to Allow an IP Address:
- Add an ACCEPT rule for each monitoring IP address, limited to the ports the service needs.
- Save the iptables configuration (for example with your distribution’s iptables-persistent or iptables-services package) to ensure changes persist after reboot.
Official Documentation:
3. Linux UFW (Uncomplicated Firewall)
How to Allow an IP Address:
- Open your terminal.
- Add an allow rule for each monitoring IP address, restricted to the ports the service uses.
- Reload UFW to apply changes:
sudo ufw reload
Official Documentation:
4. Cisco ASA Firewall
How to Create an Access Rule:
- Log in to ASDM (or the CLI; the steps below use ASDM).
- Navigate to Configuration > Firewall > Access Rules.
- Add a new rule permitting traffic from our monitoring IPs to the monitored hosts and ports only, placed above any broader deny entry in the same access list, since entries are evaluated top-down.
- Apply the change and save the running configuration.
Official Documentation:
5. Palo Alto Networks Firewall
How to Create a Security Policy Rule:
- Log in to the Palo Alto Networks web interface.
- Go to Policies > Security.
- Click Add to create a new rule.
- In the Source tab, add our monitoring IPs (as address objects or an address group, so the list can be updated in one place).
- In the Destination and Service/Application tabs, limit the rule to the monitored hosts and services, set the Action to Allow, and click OK.
- Commit the changes.
Official Documentation:
6. Fortinet FortiGate Firewall
How to Add an Address and Policy:
- Log in to the FortiGate web interface.
- Go to Policy & Objects > Addresses and create a new address (or address group) for our IPs.
- Navigate to Firewall Policy and create a new policy allowing traffic from the new address to the monitored hosts and services only.
- Move the policy above any broader deny policy, since policies are evaluated top-down, and save.
Official Documentation:
7. Check Point Firewall
How to Add an Access Rule:
- Open SmartConsole and connect to your management server.
- Go to Security Policies.
- Add a new rule allowing traffic from our monitoring IPs to the monitored resources and services.
- Publish the session and install the policy to apply changes.
Official Documentation:
8. SonicWall Firewall
How to Create a Firewall Access Rule:
- Log in to the SonicWall web interface.
- Navigate to Rules > Access Rules.
- Click Add to create a new rule allowing our monitoring IPs.
- Configure the necessary settings (source, destination, service) and save.
Official Documentation:
SonicWall - How to Create Firewall Access Rules
Bonus Tip: Automate IP Updates When Possible
Some monitoring providers offer an API or automated service to keep their IP lists updated. If this is available, use it to automate the updating of IPs in your firewall, ensuring you’re always aligned with your monitoring provider’s latest IP list. Treat the fetched list as untrusted input: check that it is non-empty and contains only well-formed public addresses before applying it, and apply only the difference from what is already loaded, so that an API outage or a bad response cannot wipe out or widen your rules.
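An added example (not from the page or from any provider’s tooling) of the reconciliation step such automation needs: compare the provider’s published list with the rules currently loaded and emit only the inserts and deletes, refusing to act on an empty or malformed list. It assumes a dedicated iptables chain named MONITORING holding one ACCEPT rule per source followed by a LOG rule and a RETURN, and a comment label of monitoring: example-provider; both are assumptions for illustration. The published list and the `iptables -S` output embedded below are constructed sample data, not real provider addresses.

```shell
#!/bin/sh
# Added example (not from the page): reconcile the provider's published IP list
# with the rules currently loaded in a dedicated iptables chain.  Assumed chain
# layout: per-source ACCEPT rules, then LOG, then RETURN.  Adjust CHAIN and
# COMMENT to match your own rules.
CHAIN=MONITORING
COMMENT="monitoring: example-provider"   # assumed label carried by our rules

# normalize_sources: one source per line, hosts written as /32 so they compare
# equal to what `iptables -S` prints; sorted for comm(1).
normalize_sources() {
  sed -e '/^[[:space:]]*$/d' -e '/\//!s#$#/32#' | sort -u
}

# chain_sources: the -s argument of every ACCEPT rule in `iptables -S CHAIN` output.
chain_sources() {
  sed -n 's/^-A [^ ]* -s \([^ ]*\) .*-j ACCEPT$/\1/p' | sort -u
}

# plan_changes PUBLISHED_FILE RULES_FILE: print the iptables commands that bring
# the chain in line with the published list.  An empty or malformed list is
# refused, because an API failure that returns nothing must not silently
# delete every rule.
plan_changes() {
  pub=$1; rules=$2
  want=$(mktemp); have=$(mktemp)
  normalize_sources <"$pub" >"$want"
  chain_sources <"$rules" >"$have"
  if [ ! -s "$want" ] || grep -Eqv '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' "$want"; then
    echo "published list empty or malformed; refusing to change $CHAIN" >&2
    rm -f "$want" "$have"; return 1
  fi
  # published but not loaded: insert at position 1 so the rule lands before the LOG/RETURN tail
  comm -13 "$have" "$want" | while read -r src; do
    echo "iptables -I $CHAIN 1 -s $src -m comment --comment '$COMMENT' -j ACCEPT"
  done
  # loaded but no longer published: delete using the exact rule text iptables -S printed
  comm -23 "$have" "$want" | while read -r src; do
    grep -F -- " -s $src " "$rules" | sed 's/^-A /iptables -D /'
  done
  rm -f "$want" "$have"
}

# Constructed sample input (not real provider IPs): what the provider's API
# returned, and what `iptables -S MONITORING` currently prints on the host.
PUBLISHED=$(mktemp); RULES=$(mktemp)
cat >"$PUBLISHED" <<'EOF'
203.0.113.10
203.0.113.12
198.51.100.0/28
EOF
cat >"$RULES" <<'EOF'
-N MONITORING
-A MONITORING -s 203.0.113.10/32 -m comment --comment "monitoring: example-provider" -j ACCEPT
-A MONITORING -s 203.0.113.11/32 -m comment --comment "monitoring: example-provider" -j ACCEPT
-A MONITORING -s 198.51.100.0/28 -m comment --comment "monitoring: example-provider" -j ACCEPT
-A MONITORING -m limit --limit 5/min -j LOG --log-prefix "MONITORING-DENY: "
-A MONITORING -j RETURN
EOF
plan_changes "$PUBLISHED" "$RULES"   # review the output, then pipe it to `sudo sh`
rm -f "$PUBLISHED" "$RULES"
```

On the sample data this prints one insert (203.0.113.12/32, newly published) and one delete (203.0.113.11/32, no longer published) and leaves the unchanged range alone. In production, write the provider’s list to the first file and the output of `iptables -S MONITORING` to the second; keep the review step, or at least log the generated commands, so that every change to the allow list is documented as tip 10 asks.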
Conclusion
Adding monitoring IPs to your firewall is an essential part of using external monitoring services safely and effectively. By following these best practices, you can maintain a strong security posture, allowing only the necessary access without exposing your network to risk.
Remember, a well-configured firewall is one of the best defences against unauthorized access, so take the time to review your settings regularly. Happy monitoring!