RE: VM Firewalls In Between Subnets

2023-11-21 Thread Bryan Tiang
Thank You, Gentlemen.

Will give this a try!
On 21 Nov 2023 at 7:14 PM +0800, Alex Mattioli wrote:
> +1 to that
>
>
>
>
> -Original Message-
> From: Stephan Bienek 
> Sent: Tuesday, November 21, 2023 9:15 AM
> To: users@cloudstack.apache.org
> Subject: Re: VM Firewalls In Between Subnets
>
> Hi Bryan,
>
> Sure you can, for example using multiple L2 networks connected to your 
> virtual appliance.
> An L2 network will not interfere with any services of your appliance, as 
> there is no virtual router involved.
>
> Spreading the VMs to the different L2 networks, their only way to communicate 
> is via your appliance of choice.
>
> Use L2 with ConfigDrive network offerings to keep the possibility of 
> providing UserData for Cloud-Init etc. if required.
>
> Using L2 networks with "specify VLAN" you could even use a maybe already 
> existing physical or virtual appliance outside of CloudStack within the 
> specified VLANs.
>
> Best regards,
> Stephan
>
> > Bryan Tiang wrote on 21.11.2023 07:40 CET:
> >
> >
> > Hi All,
> >
> > I have a financial client who requires 3 subnets, each filtered by a 
> > firewall.
> >
> > They didn't accept the idea of using Network ACLs. They want packet 
> > filtering, intrusion prevention systems etc. which are all features of a 
> > full-fledged firewall.
> >
> > Can I install a VM Firewall from Fortinet or Palo Alto, and achieve the 
> > subnet segregation? All via CloudStack?
> >
> > Regards,
> > Bryan
> >
> > Sent with Spark


RE: VM Firewalls In Between Subnets

2023-11-21 Thread Alex Mattioli
+1 to that

 


-Original Message-
From: Stephan Bienek  
Sent: Tuesday, November 21, 2023 9:15 AM
To: users@cloudstack.apache.org
Subject: Re: VM Firewalls In Between Subnets

Hi Bryan,

Sure you can, for example using multiple L2 networks connected to your virtual 
appliance.
An L2 network will not interfere with any services of your appliance, as there 
is no virtual router involved.

Spreading the VMs to the different L2 networks, their only way to communicate 
is via your appliance of choice.

Use L2 with ConfigDrive network offerings to keep the possibility of providing 
UserData for Cloud-Init etc. if required.

Using L2 networks with "specify VLAN" you could even use a maybe already 
existing physical or virtual appliance outside of CloudStack within the 
specified VLANs.

Best regards,
Stephan

> Bryan Tiang wrote on 21.11.2023 07:40 CET:
> 
>  
> Hi All,
> 
> I have a financial client who requires 3 subnets, each filtered by a firewall.
> 
> They didn't accept the idea of using Network ACLs. They want packet filtering, 
> intrusion prevention systems etc. which are all features of a full-fledged 
> firewall.
> 
> Can I install a VM Firewall from Fortinet or Palo Alto, and achieve the 
> subnet segregation? All via CloudStack?
> 
> Regards,
> Bryan
> 
> Sent with Spark


Re: VM Firewalls In Between Subnets

2023-11-21 Thread Stephan Bienek
Hi Bryan,

Sure you can, for example using multiple L2 networks connected to your virtual 
appliance.
An L2 network will not interfere with any services of your appliance, as there 
is no virtual router involved.

Spreading the VMs to the different L2 networks, their only way to communicate 
is via your appliance of choice.

Use L2 with ConfigDrive network offerings to keep the possibility of providing 
UserData for Cloud-Init etc. if required.

Using L2 networks with "specify VLAN" you could even use a maybe already 
existing physical or virtual appliance outside of CloudStack within the 
specified VLANs.

Best regards,
Stephan

> Bryan Tiang wrote on 21.11.2023 07:40 CET:
> 
>  
> Hi All,
> 
> I have a financial client who requires 3 subnets, each filtered by a firewall.
> 
> They didn't accept the idea of using Network ACLs. They want packet filtering, 
> intrusion prevention systems etc. which are all features of a full-fledged 
> firewall.
> 
> Can I install a VM Firewall from Fortinet or Palo Alto, and achieve the 
> subnet segregation? All via CloudStack?
> 
> Regards,
> Bryan
> 
> Sent with Spark
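
Added example (not part of the thread and not CloudStack code): a check over a planned NIC layout that the firewall appliance is the only VM joining the L2 networks, which is the property the reply above relies on. The VM names, network names and the plan format are constructed for illustration; the check covers NIC attachments only, not VLAN configuration on the physical network.

```python
from collections import defaultdict

# Constructed sample plan: VM name -> L2 networks its NICs are attached to.
PLAN = {
    "fw-appliance": ["l2-web", "l2-app", "l2-db"],
    "web-01": ["l2-web"],
    "app-01": ["l2-app"],
    "db-01": ["l2-db"],
}


def audit_segmentation(plan, firewall):
    """Report attachments that let traffic cross segments without the firewall."""
    if firewall not in plan:
        raise ValueError(f"firewall VM {firewall!r} is not in the plan")
    parent = {}

    def find(net):
        # Union-find over networks, with path compression.
        parent.setdefault(net, net)
        while parent[net] != net:
            parent[net] = parent[parent[net]]
            net = parent[net]
        return net

    bridging = {}
    for vm, nets in plan.items():
        for net in nets:
            find(net)                      # register every network seen
        if vm == firewall:
            continue                       # the firewall is allowed to be multi-homed
        uniq = sorted(set(nets))
        if len(uniq) > 1:                  # any other multi-homed VM joins segments
            bridging[vm] = uniq
            for net in uniq[1:]:
                parent[find(net)] = find(uniq[0])

    groups = defaultdict(set)
    for net in list(parent):
        groups[find(net)].add(net)
    return {
        # VMs other than the firewall with NICs in more than one L2 network
        "bridging_vms": bridging,
        # sets of networks reachable from each other with the firewall removed
        "merged_segments": sorted(sorted(g) for g in groups.values() if len(g) > 1),
        # networks the firewall has no NIC in, so it cannot filter them
        "no_firewall_nic": sorted(set(parent) - set(plan[firewall])),
    }


if __name__ == "__main__":
    print(audit_segmentation(PLAN, "fw-appliance"))
```
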

