Sailaja Mada created CLOUDSTACK-2509:
----------------------------------------
Summary: [Cisco VNMC]No way to block incoming traffic as ACL
created with PF/Static Nat is Source is Any
Key: CLOUDSTACK-2509
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2509
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Network Devices
Affects Versions: 4.2.0
Reporter: Sailaja Mada
Setup: Advanced Networking Zone, Nexus 1000v VMware cluster, CISCO VNMC as
PF/Static NAT/Source NAT/Firewall provider
Observation:
1. Created Network Offering with CISCO VNMC as PF/Static NAT/Source
NAT/Firewall provider
2. Create Guest Network with above offering and deploy instance using this
network
3. Configure PF rule with 22 TCP port and add above deployed VM
4. Access VNMC and verify the ACLs created at the Policy Management dashboard with
this VLAN tenant.
Observation:
1. There is an ACL with Source as any and Destination as the VM with specific port.
2. With the current implementation of CISCO ASA firewall, we allow all the
incoming traffic with the specific ports being open through PF/Static NAT.
3. There is no way to block incoming traffic, as the ACL created with PF/Static NAT
has Source as Any.