Hello Alex,

Thanks for the response.

I have implemented the second case multiple times when I create s2s between my firewall and the end customer's device, and then extend the connectivity from the firewall to the VR via Private Gateway, and that works pretty perfectly. But in this particular case we can't use a firewall, so that's why I wanted to use a virtual appliance under a VPC which can give me an alternative. So how do we achieve the connectivity of the virtual appliance, since the tier will use the private subnet? If I use Static NAT with pfSense, will it work? Because in pfSense it will always be identified as a private IP.

Vivek Kumar

> On 30-Apr-2020, at 2:11 PM, Alex Mattioli <alex.matti...@shapeblue.com> wrote:
>
> Hi Vivek,
> I've actually done exactly that with both PaloAlto and Checkpoint firewalls.
> In one case I created the VPC with a "public" IP in the same network as the
> FW's Inside interface, which is a bit too much work to be honest (and can get
> messy).
> In another case, in a POC, I just used the VPC's Private Gateway function to
> connect it to the FW, which could then be either physical or virtual.
>
> Cheers,
> Alex Mattioli
>
> alex.matti...@shapeblue.com
> www.shapeblue.com
> 3 London Bridge Street, 3rd floor, News Building, London SE1 9SG UK
> @shapeblue
>
> -----Original Message-----
> From: Vivek Kumar <vivek.ku...@indiqus.com>
> Sent: 29 April 2020 21:39
> To: users@cloudstack.apache.org
> Subject: Pfsense like external firewall with CloudStack
>
> Hello Folks,
>
> Has anyone ever tried to deploy a pfSense or any other virtual firewall
> appliance under a VPC to extend the security features? Let's say I want to
> use site-to-site between my tiers and a remote destination and I don't want to
> use the VR for site-to-site. Has someone tried that scenario?
>
> Let me give a use case. I have a VPC with multiple tiers and VMs running. I
> am using an old version of CloudStack, 4.7.1, with XenServer 7.0. In this we
> don't have options to choose things like IKE Hash SHA256, 384, 512, and the same
> for ESP Hash, or IKE DH group 14, 15, 16 (which is pretty much available in 4.13).
> So I want to establish a site-2-site using these security parameters,
> which don't exist in my version of CloudStack. Is there any way to achieve
> it for my older version? So I wanted to check if someone has worked on this
> scenario and used any third-party firewall appliance.
>
> Vivek Kumar