OK!
I think then we have to move forward :-)
Thanks a lot for your time!
Regards,
G.
On Tue, 16 Feb 2016 20:41:36 -0200, Martinx - ジェームズ wrote:
I dont think that youll be able to do that in IceHouse, neither on
Juno.
Only Kilo and Liberty have a native function to disable the
port_security per port. Without it, OpenStack Neutron (and also Nova
Network, I guess) will not allow the firewall Instance to work
correctly. It will not see any packets that are not destined to it
and
also, it will not be able to forward packets, because the Neutron
(and
Nova Network), will drop the packets soon as it leaves the firewall
Instance.
Im not aware of a solution nice for IceHouse...
On 16 February 2016 at 06:26, Georgios Dimitrakakis wrote:
Mark and Martinx thank you both for your suggestions.
I had tried to build PFSense in the past but without success.
Indeed my goal is to run the virtual firewall as an instance since
I am on an older OpenStack version (IceHouse) with nova-networking
and therefore I cannot have control over the outgoing connections.
Regards,
G.
For running it as an Instance?
You can try:
- PFSense;
- Zentyal;
However, youll need to make use of the Neutron feature called
"port_security_enabled = false" for the vNIC attached to the
"internal" subnet (behind the firewall).
Just a curiosity, why dont you use the Neutron native firewall
that
resides on each L3 Router?
On 15 February 2016 at 15:56, Georgios Dimitrakakis wrote:
Hi!
Can anyone suggest me of a virtual firewall appliance which is
compatible with OpenStack?
Best regards,
G.
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[1] [1]
Post to : [email protected] [2] [2]
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[3] [3]
Links:
------
[1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[4]
[2] mailto:[email protected] [5]
[3] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[6]
[4] mailto:[email protected] [7]
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [8]
Post to : [email protected] [9]
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [10]
Links:
------
[1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[2] mailto:[email protected]
[3] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[4] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[5] mailto:[email protected]
[6] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[7] mailto:[email protected]
[8] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[9] mailto:[email protected]
[10] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[11] mailto:[email protected]
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
