In Managed Nebula, a role represents the primary purpose and group-identity of a host. For example, you might create roles such as
WWW Server, etc. Each machine that you create should be assigned a role when it is created. Firewall rules are configured for inbound traffic at the role level. Newly created roles allow only ICMP traffic so that
ping requests can be used for troubleshooting. All other inbound traffic is denied by default, and the rules can be configured to allow other kinds of traffic from machines belonging to specific roles.