[ https://issues.apache.org/jira/browse/CLOUDSTACK-2509?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailaja Mada closed CLOUDSTACK-2509.
------------------------------------

Regressed with latest builds. This issue is resolved now. Hence closing the bug.

> [Cisco VNMC]No way to block incoming traffic as ACL created with PF/Static Nat is Source is Any
> ------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-2509
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2509
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Devices
> Affects Versions: 4.2.0
> Reporter: Sailaja Mada
> Assignee: Koushik Das
> Fix For: 4.2.0
>
> Attachments: ACLVNMC.png
>
>
> Setup: Advanced Networking Zone, Nexus 1000v VMWARE cluster, CISCO VNMC as PF/Static Nat/Source Nat/Firewall provider
> Observation:
> 1. Created Network Offering with CISCO VNMC as PF/Static Nat/Source Nat/Firewall provider
> 2. Create Guest Network with above offering and deploy instance using this network
> 3. Configure PF rule with 22 TCP port and add above deployed VM
> 4. Access VNMC and verify the ACL's created @ policy Management dash board with this VLAN tenant.
> Observation:
> 1. There is an ACL with Source as any Destination as the VM with specific port.
> 2. With the current implementation of CISCO ASA firewall, we allow all the incoming traffic with the specific ports being open thru PF/Static NAT
> 3. There is no way to block incoming traffic as ACL created with PF/Static Nat is Source is Any.