[
https://issues.apache.org/jira/browse/CLOUDSTACK-4722?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daan Hoogland closed CLOUDSTACK-4722.
-------------------------------------
Resolution: Won't Fix
> Call more attention to egress traffic being denied by default in isolated
> networks
> ----------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-4722
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4722
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Doc
> Affects Versions: 4.1.1
> Reporter: Kirk Kosinski
> Priority: Minor
> Labels: adminguide
>
> Egress traffic is denied by default in isolated networks using the CloudStack
> virtual router created in CloudStack 4.1.0 and later (see CLOUDSTACK-299).
> This information is explained in the Creating Egress Firewall Rules in an
> Advanced Zone section of the admin guide:
> By default, the egress traffic is blocked, so no outgoing traffic is allowed
> from a guest network to the Internet. However, you can control the egress
> traffic in an Advanced zone by creating egress firewall rules.
> This is very critical information, but unfortunately is easy to miss. It
> should be highlighted somehow, such as in a Note.
> Additionally, it would be useful to explain that during an upgrade from
> previous versions, egress rules allowing all traffic are created for existing
> networks to match the previous behavior of allowing all egress traffic. This
> is confusing since after an upgrade, all of the existing networks are working
> the same as before, but newly created networks will not.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
