So you will not be able to NAT the public IPs to the vRouter. If you do NAT them it will become a mess for management, not to mention you reduce the effectiveness of Cloudstack as a cloud management tool. You need to expose that block to your WAN switch of which the public interface will need to connect to. If you really wanted to put a firewall in front you would need to place it in transparent mode which would allow you to create policies to control traffic.
On 4/3/14, 1:59 PM, "Fred Newtz" <fbne...@gmail.com> wrote: >Public IP addresses confuse me the most in a Cloudstack install. I have a >Firewall that is hosting all of my public IP addresses now. The >management >server is supposed to sit behind a NAT device to protect it from attack. >How am I supposed to assign public IP addresses to virtual machines >(virtual routers) inside of the NAT device? I have not seen any clear >documentation on how this is supposed to be configured to make everything >work correctly. Where do I assign my IP addresses and how do I get them >through the firewall correctly? > >I just purchased a Juniper SRX100 device (will be a small deployment). >Will installing this help manage the Public IP situation easier (and even >automatic)? If anyone has any suggestions on what I should search for to >solve this issue that would be great. Explaining would be even better. > >Thanks, > >Fred ________________________________ This document is PROPRIETARY and CONFIDENTIAL and may not be duplicated, redistributed, or displayed to any other party without the expressed written permission of LPS Integration, Inc. If you are not the intended recipient and have received this email in error, please destroy the email and contact the LPS Integration Security Officer at 866-577-2902 (Phone), 615-349-9009 (Fax) or 230 Great Circle Rd. Suite 218 Nashville, TN 37228 (US Mail)