How to Use the Vultr Firewall with a Vultr Load Balancer

Updated on May 11, 2021
How to Use the Vultr Firewall with a Vultr Load Balancer header image


The Vultr Firewall is a web-based firewall to protect your cloud servers. The Vultr Load Balancer is a fully-managed solution to distribute traffic across multiple back-end servers. In this guide, you'll learn how to use them together. You'll distribute web traffic with a Load Balancer while protecting the web servers with the Vultr Firewall. If you are new to Vultr Load Balancers, we recommend reading the Load Balancer Quickstart Guide first. You can also learn more in our Vultr Firewall Quickstart Guide.

In this guide, you'll configure the Vultr Firewall to accept traffic from a Vultr Load Balancer, as shown below.

Load Balancer plus Firewall

When configured this way, the Vultr Firewall only accepts traffic from the Load Balancer, preventing direct connections to the web servers if users try to bypass the load balancer. Here's a step-by-step guide to creating a secure, load-balanced web cluster behind the Vultr Firewall.

1. Deploy Web Servers and Load Balancer

  1. Deploy three web servers in a single location.

  2. Navigate to the Load Balancers section of the Vultr Customer Portal.

  3. Click the blue plus icon to deploy a load balancer.

  4. Choose the same location as your web servers.

  5. In Load Balancer Configuration, enter a label and leave the other options at default.

    Screenshot of Load Balancer Configuration section

  6. Leave the default Forwarding Rule for HTTP at port 80.

  7. Choose Public in the Private Network section.

  8. Do not add any Firewall Rules. The firewall rules in this section are for the Load Balancer Firewall, which is different than the Vultr Firewall. See our article How to Use the Vultr Load Balancer Firewall to learn more.

  9. Choose HTTP and Port 80 for Health Checks.

    Health Checks

  10. Click Add Load Balancer.

Wait for the Load Balancer to deploy.

  1. Click your Load Balancer to edit its configuration.

  2. Note the URL of this page. The Load Balancer ID is at the end of the query string.

    For example, if your URL is:

    Then, your Load Balancer ID is 11111111-0000-ffff-2222-333444555666. Note this value. You'll need it when configuring the Vutr Firewall.

  3. Add your instances: Click Add Instance.

  4. Choose an instance from the drop-down.

  5. Click Attach Instance.

  6. Repeat steps 3 – 5 for each web server instance.

3. Deploy a Vultr Firewall

  1. Navigate to the Add Firewall Group page.

  2. Give the firewall group a descriptive name and click Add Firewall Group.

  3. Add an inbound IPv4 Rule that accepts HTTP from the Load Balancer source, indicated by 1 in the screenshot below. Enter the Load Balancer ID you noted earlier, indicated by 2.

    Load Balancer Source

  4. Click Linked Instances on the left menu.

  5. Link each of the three instances to the firewall group.

    Linked Instances


By linking the Firewall HTTP rule to the Load Balancer source, you've prevented direct access to the web servers. All HTTP traffic to the web servers must travel through the Load Balancer.

You may want to add more rules to the Vultr Firewall to allow HTTPS for a production environment. You may also want to allow SSH with your IP address as the source.

Advanced Configuration

In this article, you've explored the Vultr Firewall. Load Balancers also have their own internal firewall rules, and you can combine these for an advanced configuration as shown below.

Load Balancer With Firewall, plus Vultr Firewall

In this example, the Load Balancer Firewall accepts traffic from Cloudflare IPs, while the Vultr Firewall accepts traffic from the Load Balancer. All other traffic to the web servers is denied.

You can learn more about the Load Balancer Firewall in our article, How to Use the Vultr Load Balancer Firewall.

More Information