Even when no SGs used, the agent still creates iptables/ebtables rules and should block mac/ip spoofing, wrong dhcp announces. Im not sure how it works in the current CS version, but believe it:
- either local bug which must be investigated thru agent logs and iptables/ebtables dumps - cs bug which was introduced recently. We have ancient acs 4.3 with basic zone without sg and no dhcp faking works there. Unfortunately now all my zones with SGs, so cannot check... пт, 9 авг. 2019 г., 4:17 Andrija Panic <andrija.pa...@gmail.com>: > Nope, that is the reason security groups should be used in multi-tenant > shared network... At least I'm not aware that is possible. > Not sure if hacking the DB is possible though... > > On Thu, 8 Aug 2019, 20:58 Fariborz Navidan, <mdvlinqu...@gmail.com> wrote: > > > Hello, > > I have found a user VM who is running a sort of DHCP server i.e. a VPN > > server, etc. User VM is on default shared network without security groups > > enabled in a Basic zone which does not spport multiple networks. Is there > > any way to either enable security groups on existing network and add rule > > to stop VMs offer DHCP and prevent conflicting with VR's DHCP or manually > > add a firewall rule on VR to filter DHCP traffic from user VMs? > > > > TIA > > >
