Kirk Kosinski created CLOUDSTACK-4723:
-----------------------------------------
Summary: Call more attention to egress traffic being denied by
default in isolated networks
Key: CLOUDSTACK-4723
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4723
Project: CloudStack
Issue Type: Improvement
Security Level: Public (Anyone can view this level - this is the default.)
Components: Doc
Affects Versions: 4.1.1
Reporter: Kirk Kosinski
Priority: Minor
Egress traffic is denied by default in isolated networks using the CloudStack
virtual router created in CloudStack 4.1.0 and later (see CLOUDSTACK-299).
This information is explained in the Creating Egress Firewall Rules in an
Advanced Zone section of the admin guide:
By default, the egress traffic is blocked, so no outgoing traffic is allowed
from a guest network to the Internet. However, you can control the egress
traffic in an Advanced zone by creating egress firewall rules.
This is very critical information, but unfortunately is easy to miss. It
should be highlighted somehow, such as in a Note.
Additionally, it would be useful to explain that during an upgrade from
previous versions, egress rules allowing all traffic are created for existing
networks to match the previous behavior of allowing all egress traffic. This
is confusing since after an upgrade, all of the existing networks are working
the same as before, but newly created networks will not.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
