Hi Vivek,

I've actually done exactly that with both PaloAlto and Checkpoint firewalls. In one case I created the VPC with a "public" IP in the same network as the FW's Inside interface, which is a bit too much work to be honest (and can get messy). In another case, in a POC, I just used the VPC's Private Gateway function to connect it to the FW, which could then be either physical or virtual.

Cheers,
Alex Mattioli

alex.matti...@shapeblue.com
www.shapeblue.com
3 London Bridge Street, 3rd floor, News Building, London SE1 9SG UK
@shapeblue

-----Original Message-----
From: Vivek Kumar <vivek.ku...@indiqus.com>
Sent: 29 April 2020 21:39
To: users@cloudstack.apache.org
Subject: Pfsense like external firewall with CloudStack

Hello Folks,

Has anyone ever tried to deploy a pfsense or any other virtual firewall appliance under a VPC to extend the security feature? Let's say I want to use site-to-site between my tiers and a remote destination and I don't want to use the VR for site-to-site. Has someone tried that scenario?

Let me give a use case: I have a VPC with multiple tiers and VMs running. I am using an old version of CloudStack, 4.7.1, with XenServer 7.0. In this we don't have options to choose things like IKE Hash SHA256, 384, 512 and the same for ESP Hash, or IKE DH group 14, 15, 16 (which is pretty much available in 4.13). So I want to establish a site-2-site using these security parameters, which don't exist in my version of CloudStack. Is there any way to achieve it for my older version?

So I wanted to check if someone has worked on this scenario and used any third-party firewall appliance.

Vivek Kumar