Hi Lisa, Thanks for the link, I did came across it before. In the mean time I think I've found some information how other people did something very similar to what I'm trying: http://www.slideshare.net/mice_xia/integration-3rd-party-security-solution https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration https://cwiki.apache.org/confluence/display/CLOUDSTACK/external+hosted+private+gateways
Looks like some coding is required to develop a CS Plugin and the virtual appliance will have the expose some kind of API to for the ACS to be able to manage it. Regards, Michal Rodzos Solutions Architect Phone: 1300 144 007 | Mobile: +61 421 834 204 | Skype: michal.rodzos | Twitter ---------------------------------------- From: "Lisa B." <nordlicht1...@hotmail.de> Sent: Monday, 2 December 2013 7:29 AM To: "users@cloudstack.apache.org" <users@cloudstack.apache.org> Subject: RE: Replacing Virtual Router with a custom virtual appliance template hey michal, i am not sure if this is what you are looking for but i just came across this blog post while tracking down a different problem: http://blog.remibergsma.com/2012/08/30/going-beyond-cloudstack-advanced-networking-how-i-replaced-the-virtual-router-with-my-own-physical-linux-router/ good luck! lisa ________________________________ > From: michal.rod...@cloudcentral.com.au > To: users@cloudstack.apache.org > Subject: Replacing Virtual Router with a custom virtual appliance template > Date: Sun, 1 Dec 2013 14:09:02 +1100 > > > Is it possible to create a network offering, which would use a custom > virtual appliance instead of the default Debian template? > > My understanding is currently only following network providers are > supported/available in ACS: > > - Citrix NetScaler > > - F5 > > - Juniper SRX > > - Virtual Router > > - Cisco ASA 100v (Citrix CloudPlatform only?) > > > > I've found a wiki page > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration& > that somebody managed to integrate the Palo Alto Firewall into ACS. > Plus some other people managed to get the midokura or Nicira to work ? > > So it seems that custom network providers are feasible. > > I'd like to provide a premium network offering with a commercial > security gateway/UTM virtual appliance as a network provider. Ie the > FortiGate UTM provides VPN, NAT, DNS, DHCP, routing and other network > features similar to Virtual Router, but also offers security features > like anitispam, virus scanning, deep packet inspection, IPS etc. So the > question is how hard is, and how much dev effort is required? > > Other option is to create a network like this > Internet -> ACS VR-> FortiGate TM VM -> customer VMs > But not sure how can force all the public traffic from the VMs to go > via the FortiGate? > > The environment is XenServer 6.2 and ACS 4.2.1 with Advanced Networking > > Thanks, > Michal > > > > Regards, > Michal Rodzos > Solutions Architect > > [CloudCentral - Secure Australian > Cloud]<http://www.cloudcentral.com.au/?utm_source=michal&utm_medium=email&utm_campaign=cloudcentral> > Phone: 1300 144 007 | Mobile: +61 421 834 204 > [View Michal Rodzos' profile on > LinkedIn]<http://www.linkedin.com/in/michalrodzos>| Skype: > michal.rodzos | Twitter<https://twitter.com/cloudcentral> > >