Hi Irvin, To access a vm in an isolated network, you need to use static nat, port forwarding or load balancer.
Please refer to http://docs.cloudstack.apache.org/en/4.15.2.0/adminguide/networking/ip_forwarding_and_firewalling.html -Wei On Thu, 21 Oct 2021 at 11:09, SVI <jcapagc...@svi.com.ph> wrote: > Thanks Wei! Another thing, can I set a default firewall rule? For egress, > I’ll check the networking offering > > Thanks, > Irvin > > > On Oct 21, 2021, at 4:44 PM, Wei ZHOU <ustcweiz...@gmail.com> wrote: > > > > Hi SVI, > > > > It looks like you do use an advanced zone. > > > > If your users create vm on isolated networks, please see my first reply. > > If your users create vm on shared networks, firewall/ingress/egress rule > is not supported in cloudstack. You need to configure the firewall in vms. > > > > -Wei > > > > On Thu, 21 Oct 2021 at 10:15, SVI <jcapagc...@svi.com.ph <mailto: > jcapagc...@svi.com.ph>> wrote: > > I’m currently using 4.15.2, Zone and cluster is XenServer, XCP-NG 8.2.0. > > > > Additional details: > > > > Zone: > > Network Type: Advanced > > Security Groups: Disabled > > 2 Physical Networks > > <Screen Shot 2021-10-21 at 4.10.39 PM.png> > > > > Pod: > > <Screen Shot 2021-10-21 at 4.12.12 PM.png> > > > > Cluster: > > <Screen Shot 2021-10-21 at 4.13.04 PM.png> > > > > Host: > > > > > > Thanks, > > Irvin > > > >> On Oct 21, 2021, at 3:59 PM, Wei ZHOU <ustcweiz...@gmail.com <mailto: > ustcweiz...@gmail.com>> wrote: > >> > >> Hi, > >> > >> As I said, please give more details. Otherwise, it is hard to answer > >> your questions. > >> > >> for example, zone type, network type, hypervisor ... > >> > >> -Wei > >> > >> > >> > >> On Thu, 21 Oct 2021 at 09:49, SVI <jcapagc...@svi.com.ph <mailto: > jcapagc...@svi.com.ph>> wrote: > >> > >>> Hi Wei, > >>> > >>> Unfortunately, I am not using advanced zone. And yes, the Cloudstack UI > >>> (4.15.2) is exposed to users. > >>> > >>> Thanks. > >>> > >>>> On Oct 21, 2021, at 2:37 PM, Wei ZHOU <ustcweiz...@gmail.com <mailto: > ustcweiz...@gmail.com>> wrote: > >>>> > >>>> Hi, > >>>> > >>>> I assume you use isolated networks in advanced zone. > >>>> the firewall rule list is empty by default, egress rule can be "allow > >>> all" > >>>> or "deny all" per network(check 'default egress policy' of network > >>> offering) > >>>> > >>>> Do you expose cloudstack api/ui to users ? It's better to give more > >>> details. > >>>> > >>>> -Wei > >>>> > >>>> On Thu, 21 Oct 2021 at 02:52, SVI <jcapagc...@svi.com.ph <mailto: > jcapagc...@svi.com.ph>> wrote: > >>>> > >>>>> Hi, > >>>>> > >>>>> I need help in setting up default networking for new users that will > >>>>> create an instance. I wanted it to have a default firewall rule and > >>> default > >>>>> egress rule so they don’t need to set it up on initial creation of > >>>>> instance. How can I do this? > >>>>> > >>>>> Thanks. > >>> > >>> > > > >