[ https://issues.apache.org/jira/browse/CLOUDSTACK-4722?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Travis Graham reassigned CLOUDSTACK-4722: ----------------------------------------- Assignee: Travis Graham > Call more attention to egress traffic being denied by default in isolated > networks > ---------------------------------------------------------------------------------- > > Key: CLOUDSTACK-4722 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4722 > Project: CloudStack > Issue Type: Improvement > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Doc > Affects Versions: 4.1.1 > Reporter: Kirk Kosinski > Assignee: Travis Graham > Priority: Minor > Labels: adminguide > > Egress traffic is denied by default in isolated networks using the CloudStack > virtual router created in CloudStack 4.1.0 and later (see CLOUDSTACK-299). > This information is explained in the Creating Egress Firewall Rules in an > Advanced Zone section of the admin guide: > By default, the egress traffic is blocked, so no outgoing traffic is allowed > from a guest network to the Internet. However, you can control the egress > traffic in an Advanced zone by creating egress firewall rules. > This is very critical information, but unfortunately is easy to miss. It > should be highlighted somehow, such as in a Note. > Additionally, it would be useful to explain that during an upgrade from > previous versions, egress rules allowing all traffic are created for existing > networks to match the previous behavior of allowing all egress traffic. This > is confusing since after an upgrade, all of the existing networks are working > the same as before, but newly created networks will not. -- This message was sent by Atlassian JIRA (v6.1#6144)