Posted to issues@cloudstack.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2013/05/16 05:55:15 UTC
[jira] [Commented] (CLOUDSTACK-2509) [Cisco VNMC]No way to block
incoming traffic as ACL created with PF/Static Nat is Source is Any
[ https://issues.apache.org/jira/browse/CLOUDSTACK-2509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13659199#comment-13659199 ]
ASF subversion and git services commented on CLOUDSTACK-2509:
-------------------------------------------------------------
Commit 5511eb241af775efa59d4fdeb597d2b335b50739 in branch refs/heads/master from [~koushikd]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=5511eb2 ]
CLOUDSTACK-2509: [Cisco VNMC]No way to block incoming traffic as ACL created with PF/Static Nat is Source is Any
No longer creating firewall rule as part of PF/Static NAT rule creation. Now firewall rule needs to be configured separately.
Also made some changes to exception handling.
> [Cisco VNMC]No way to block incoming traffic as ACL created with PF/Static Nat is Source is Any
> ------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2509
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2509
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Devices
> Affects Versions: 4.2.0
> Reporter: Sailaja Mada
> Assignee: Koushik Das
> Fix For: 4.2.0
>
> Attachments: ACLVNMC.png
>
>
> Setup: Advanced Networking Zone, Nexus 1000v VMware cluster, Cisco VNMC as PF/Static NAT/Source NAT/Firewall provider
> Observation:
> 1. Created Network Offering with CISCO VNMC as PF/Static Nat/Source Nat/Firewall provider
> 2. Create Guest Network with above offering and deploy instance using this network
> 3. Configure PF rule with 22 TCP port and add above deployed VM
> 4. Access VNMC and verify the ACLs created at the Policy Management dashboard with this VLAN tenant.
> Observation:
> 1. There is an ACL with Source as Any, Destination as the VM with specific port.
> 2. With the current implementation of Cisco ASA firewall, we allow all the incoming traffic with the specific ports being open through PF/Static NAT.
> 3. There is no way to block incoming traffic as ACL created with PF/Static NAT is Source is Any.