Added changes to create ingress fw rules in VNMC

2013-02-21 11:54:44 +05:30 · 2013-02-21 11:54:44 +05:30 · 1e38515f35
parent cb2fba9e7c
commit 1e38515f35
11 changed files with 1297 additions and 815 deletions
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/associate-acl-policy-set.xml
@ -0,0 +1,19 @@
+<configConfMos 
+  cookie="%cookie%" 
+  inHierarchical="false">
+    <inConfigs>
+      <pair key="%espdn%" >
+          <policyVirtualNetworkEdgeProfile
+          connTimeoutRef=""
+          descr="%descr%"
+          dn="%espdn%"
+          egressAclPsetRef="%egresspolicysetname%"
+          ingressAclPsetRef="%ingresspolicysetname%"
+          inspectRef=""
+          name="%name%"
+          natPsetRef="%natpolicysetname%"
+          status="modified"
+          vpnRef=""/>
+      </pair>
+    </inConfigs>
+</configConfMos>
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy-set.xml
@ -0,0 +1,28 @@
+
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfigs>
+    <pair key="%aclpolicyrefdn%">
+      <policyPolicyNameRef
+      dn="%aclpolicyrefdn%"
+      order="100"
+      policyName="%aclpolicyname%"
+      status="created"/>
+    </pair>
+    <pair key="%aclpolicysetdn%">
+      <policyPolicySet
+      descr=""
+      dn="%aclpolicysetdn%"
+      name="%aclpolicysetname%"
+      status="created"/>
+    </pair>
+    </inConfigs>
+</configConfMos>
+
+<!--
+          aclpolicysetdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-foo"
+          aclpolicysetname="foo"
+		  aclpolicyrefdn="org-root/org-vlan-123/org-VDC-vlan-123/pset-foo/polref-bar"
+		  aclpolicyname="bar"
+--!>
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-acl-policy.xml
@ -0,0 +1,17 @@
+<configConfMo
+  dn=""
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfig>
+      <policyRuleBasedPolicy
+        descr=""
+        dn="%aclpolicydn%"
+        name="%aclpolicyname%"
+        status="created"/>
+    </inConfig>
+</configConfMo>
+
+<!--
+    aclpolicydn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy"
+    aclpolicyname="test_policy"
+--!>
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
@ -0,0 +1,182 @@
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr=""
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="300"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-action-0">
+      <fwpolicyAction
+        actionType="%actiontype%"
+        dn="%aclruledn%/rule-action-0"
+        id="0"
+        status="created"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-2">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-2"
+        id="2"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-2/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2">
+      <policyProtocol
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-2/nw-expr2/nw-protocol-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%protocolvalue%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-3">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-3"
+        id="3"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-3/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="source"
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%sourcestartip%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-3/nw-expr2/nw-ip-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%sourceendip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-4">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-4"
+        id="4"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-4/nw-expr2"
+        id="2"
+        opr="eq"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2">
+      <policyIPAddress
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-4/nw-expr2/nw-ip-2"
+        id="2"
+        name=""
+        placement="none"
+        status="created"
+        value="%destip%"/>
+    </pair>
+
+    <pair key="%aclruledn%/rule-cond-5">
+      <policyRuleCondition
+        dn="%aclruledn%/rule-cond-5"
+        id="5"
+        order="unspecified"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2">
+      <policyNetworkExpression
+        dn="%aclruledn%/rule-cond-5/nw-expr2"
+        id="2"
+        opr="range"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual">
+      <policyNwAttrQualifier
+        attrEp="destination"
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-attr-qual"
+        status="created"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-2"
+        id="2"
+        name=""
+        placement="begin"
+        status="created"
+        value="%deststartport%"/>
+    </pair>
+    <pair key="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3">
+      <policyNetworkPort
+        appType="Other"
+        dataType="string"
+        descr=""
+        dn="%aclruledn%/rule-cond-5/nw-expr2/nw-port-3"
+        id="3"
+        name=""
+        placement="end"
+        status="created"
+        value="%destendport%"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
+
+<!--
+          aclruledn="org-root/org-vlan-123/org-VDC-vlan-123/pol-test_policy/rule-dummy"
+          aclrulename="dummy"
+		  actiontype="drop" or "permit"
+		  protocolvalue = "TCP" or UDP or ICMP
+		  sourcestartip="source start ip"
+		  sourceendip="source end ip"
+		  startport="start port at destination"
+		  endport="end port at destination"
+		  destinationip="public ip at destination"
+--!>
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-policy.xml
@ -0,0 +1,16 @@
+
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+    <inConfigs>
+
+      <pair key="%aclpolicydn%">
+        <policyRuleBasedPolicy
+          descr=""
+          dn="%aclpolicydn%"
+          name="%aclpolicyname%"
+          status="deleted,modified"/>
+      </pair>
+
+    </inConfigs>
+</configConfMos>
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/delete-acl-rule.xml
@ -0,0 +1,17 @@
+
+<configConfMos
+  cookie="%cookie%"
+  inHierarchical="false">
+  <inConfigs>
+
+    <pair key="%aclruledn%">
+      <policyRule
+        descr=""
+        dn="%aclruledn%"
+        name="%aclrulename%"
+        order="300"
+        status="deleted"/>
+    </pair>
+
+  </inConfigs>
+</configConfMos>
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
@ -22,55 +22,75 @@ import com.cloud.utils.exception.ExecutionException;

 public interface CiscoVnmcConnection {

-	public boolean createTenant(String tenantName) throws ExecutionException;
+    public boolean createTenant(String tenantName) throws ExecutionException;

-	public boolean createTenantVDC(String tenantName) throws ExecutionException;
+    public boolean createTenantVDC(String tenantName) throws ExecutionException;

-	public boolean createTenantVDCEdgeDeviceProfile(String tenantName)
-			throws ExecutionException;
+    public boolean createTenantVDCEdgeDeviceProfile(String tenantName)
+            throws ExecutionException;

-	public boolean createTenantVDCEdgeStaticRoutePolicy(String tenantName)
-			throws ExecutionException;
+    public boolean createTenantVDCEdgeStaticRoutePolicy(String tenantName)
+            throws ExecutionException;

-	public boolean createTenantVDCEdgeStaticRoute(String tenantName,
-			String nextHopIp, String outsideIntf, String destination,
-			String netmask) throws ExecutionException;
+    public boolean createTenantVDCEdgeStaticRoute(String tenantName,
+            String nextHopIp, String outsideIntf, String destination,
+            String netmask) throws ExecutionException;

-	public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName)
-			throws ExecutionException;
+    public boolean associateTenantVDCEdgeStaticRoutePolicy(String tenantName)
+            throws ExecutionException;

-	public boolean associateTenantVDCEdgeDhcpPolicy(String tenantName,
-			String intfName) throws ExecutionException;
+    public boolean associateTenantVDCEdgeDhcpPolicy(String tenantName,
+            String intfName) throws ExecutionException;

-	public boolean createTenantVDCEdgeDhcpPolicy(String tenantName,
-			String startIp, String endIp, String subnet, String nameServerIp,
-			String domain) throws ExecutionException;
+    public boolean createTenantVDCEdgeDhcpPolicy(String tenantName,
+            String startIp, String endIp, String subnet, String nameServerIp,
+            String domain) throws ExecutionException;

-	public boolean associateTenantVDCEdgeDhcpServerPolicy(String tenantName,
-			String intfName) throws ExecutionException;
+    public boolean associateTenantVDCEdgeDhcpServerPolicy(String tenantName,
+            String intfName) throws ExecutionException;

-	public boolean createTenantVDCEdgeSecurityProfile(String tenantName)
-			throws ExecutionException;
+    public boolean createTenantVDCEdgeSecurityProfile(String tenantName)
+            throws ExecutionException;

-	public boolean createTenantVDCSourceNATPool(String tenantName,
-			String publicIp) throws ExecutionException;
+    public boolean createTenantVDCSourceNATPool(String tenantName,
+            String publicIp) throws ExecutionException;

-	public boolean createTenantVDCSourceNATPolicy(String tenantName,
-			String startSourceIp, String endSourceIp) throws ExecutionException;
+    public boolean createTenantVDCSourceNATPolicy(String tenantName,
+            String startSourceIp, String endSourceIp) throws ExecutionException;

-	public boolean createTenantVDCNatPolicySet(String tenantName)
-			throws ExecutionException;
+    public boolean createTenantVDCNatPolicySet(String tenantName)
+            throws ExecutionException;

-	public boolean associateNatPolicySet(String tenantName)
-			throws ExecutionException;
+    public boolean associateNatPolicySet(String tenantName)
+            throws ExecutionException;

-	public boolean createEdgeFirewall(String tenantName, String publicIp,
-			String insideIp, String insideSubnet, String outsideSubnet)
-			throws ExecutionException;
+    public boolean createIngressAclRule(String tenantName, String identifier,
+            String protocol, String sourceStartIp, String sourceEndIp,
+            String destStartPort, String destEndPort, String destIp)
+            throws ExecutionException;

-	public Map<String, String> listUnAssocAsa1000v() throws ExecutionException;
+    public boolean deleteAclRule(String tenantName, String identifier)
+            throws ExecutionException;

-	public boolean assocAsa1000v(String tenantName, String firewallDn)
-			throws ExecutionException;
+    public boolean createTenantVDCAclPolicy(String tenantName, boolean ingress)
+            throws ExecutionException;
+
+    public boolean deleteTenantVDCAclPolicy(String tenantName, boolean ingress)
+            throws ExecutionException;
+
+    public boolean createTenantVDCAclPolicySet(String tenantName, boolean ingress)
+            throws ExecutionException;
+
+    public boolean associateAclPolicySet(String tenantName)
+            throws ExecutionException;
+
+    public boolean createEdgeFirewall(String tenantName, String publicIp,
+            String insideIp, String insideSubnet, String outsideSubnet)
+            throws ExecutionException;
+
+    public Map<String, String> listUnAssocAsa1000v() throws ExecutionException;
+
+    public boolean assocAsa1000v(String tenantName, String firewallDn)
+            throws ExecutionException;

 }
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
@ -104,7 +104,6 @@ import com.cloud.utils.component.AdapterBase;
 import com.cloud.utils.component.Inject;
 import com.cloud.utils.db.Transaction;
 import com.cloud.utils.exception.CloudRuntimeException;
-import com.cloud.utils.net.NetUtils;
 import com.cloud.vm.NicProfile;
 import com.cloud.vm.ReservationContext;
 import com.cloud.vm.VirtualMachine;
@ -114,13 +113,13 @@ import com.cloud.vm.VirtualMachineProfile;
 public class CiscoVnmcElement extends AdapterBase implements SourceNatServiceProvider, FirewallServiceProvider,
    PortForwardingServiceProvider, IpDeployer, StaticNatServiceProvider, ResourceStateAdapter, NetworkElement,
    CiscoVnmcElementService, CiscoAsa1000vService {
-	private static final Logger s_logger = Logger.getLogger(CiscoVnmcElement.class);
+    private static final Logger s_logger = Logger.getLogger(CiscoVnmcElement.class);
    private static final Map<Service, Map<Capability, String>> capabilities = setCapabilities();

    @Inject
    AgentManager _agentMgr;
    @Inject
-	ResourceManager _resourceMgr;
+    ResourceManager _resourceMgr;
    @Inject
    ConfigurationManager _configMgr;
    @Inject
@ -155,7 +154,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
            return false; //TODO: should handle VxLAN as well
        }

-        return true;        
+        return true;
    }

    @Override
@ -212,7 +211,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
    }

    private boolean configureSourceNat(long vlanId, String guestCidr,
-    		PublicIp sourceNatIp, long hostId) {
+            PublicIp sourceNatIp, long hostId) {
        boolean add = (sourceNatIp.getState() == IpAddress.State.Releasing ? false : true);
        IpAddressTO ip = new IpAddressTO(sourceNatIp.getAccountId(), sourceNatIp.getAddress().addr(), add, false,
                sourceNatIp.isSourceNat(), sourceNatIp.getVlanTag(), sourceNatIp.getGateway(), sourceNatIp.getNetmask(), sourceNatIp.getMacAddress(),
@ -230,7 +229,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
    }

    private boolean associateAsaWithLogicalEdgeFirewall(long vlanId,
-    		String asaMgmtIp, long hostId) {
+            String asaMgmtIp, long hostId) {
        AssociateAsaWithLogicalEdgeFirewallCommand cmd = 
                new AssociateAsaWithLogicalEdgeFirewallCommand(vlanId, asaMgmtIp);
        Answer answer = _agentMgr.easySend(hostId, cmd);
@ -239,9 +238,9 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro

    @Override
    public boolean implement(Network network, NetworkOffering offering,
-    	    DeployDestination dest, ReservationContext context)
-    	    throws ConcurrentOperationException, ResourceUnavailableException,
-    	    InsufficientCapacityException {
+            DeployDestination dest, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException,
+            InsufficientCapacityException {
        DataCenter zone = _configMgr.getZone(network.getDataCenterId());

        if (zone.getNetworkType() == NetworkType.Basic) {
@ -280,13 +279,13 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
        List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
        if (asaList.isEmpty()) {
            s_logger.debug("No Cisco ASA 1000v device on network " + network.getName());
-        	return false;
+            return false;
        }

        NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId());
        if (asaForNetwork != null) {
            s_logger.debug("Cisco ASA 1000v device already associated with network " + network.getName());
-        	return true;
+            return true;
        }

        if (!_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.SourceNat, Provider.CiscoVnmc)) {
@ -294,13 +293,13 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
            return false;
        }

-		Transaction txn = Transaction.currentTxn();
-		boolean status = false;
+        Transaction txn = Transaction.currentTxn();
+        boolean status = false;
        try {
-        	txn.start();
+            txn.start();

            // ensure that there is an ASA 1000v assigned to this network
-        	CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
+            CiscoAsa1000vDevice assignedAsa = assignAsa1000vToNetwork(network);
            if (assignedAsa == null) {
                s_logger.error("Unable to assign ASA 1000v device to network " + network.getName());
                return false;
@ -354,84 +353,84 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
        return true;
    }

-	@Override
-	public boolean prepare(Network network, NicProfile nic,
-			VirtualMachineProfile<? extends VirtualMachine> vm,
-			DeployDestination dest, ReservationContext context)
-			throws ConcurrentOperationException, ResourceUnavailableException,
-			InsufficientCapacityException {
-		//Ensure that there is an ASA 1000v assigned to this network
-		return true;
-	}
+    @Override
+    public boolean prepare(Network network, NicProfile nic,
+            VirtualMachineProfile<? extends VirtualMachine> vm,
+            DeployDestination dest, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException,
+            InsufficientCapacityException {
+        //Ensure that there is an ASA 1000v assigned to this network
+        return true;
+    }

-	@Override
-	public boolean release(Network network, NicProfile nic,
-			VirtualMachineProfile<? extends VirtualMachine> vm,
-			ReservationContext context) throws ConcurrentOperationException,
-			ResourceUnavailableException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean release(Network network, NicProfile nic,
+            VirtualMachineProfile<? extends VirtualMachine> vm,
+            ReservationContext context) throws ConcurrentOperationException,
+            ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public boolean shutdown(Network network, ReservationContext context,
-			boolean cleanup) throws ConcurrentOperationException,
-			ResourceUnavailableException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean shutdown(Network network, ReservationContext context,
+            boolean cleanup) throws ConcurrentOperationException,
+            ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public boolean isReady(PhysicalNetworkServiceProvider provider) {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean isReady(PhysicalNetworkServiceProvider provider) {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public boolean shutdownProviderInstances(
-			PhysicalNetworkServiceProvider provider, ReservationContext context)
-			throws ConcurrentOperationException, ResourceUnavailableException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean shutdownProviderInstances(
+            PhysicalNetworkServiceProvider provider, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public boolean canEnableIndividualServices() {
-		return true;
-	}
+    @Override
+    public boolean canEnableIndividualServices() {
+        return true;
+    }

-	@Override
-	public boolean verifyServicesCombination(Set<Service> services) {
+    @Override
+    public boolean verifyServicesCombination(Set<Service> services) {
        if (!services.contains(Service.Firewall)) {
            s_logger.warn("CiscoVnmc must be used as Firewall Service Provider in the network");
            return false;
        }
        return true;
-	}
+    }

-	@Override
-	public boolean applyFWRules(Network network,
-			List<? extends FirewallRule> rules)
-			throws ResourceUnavailableException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean applyFWRules(Network network,
+            List<? extends FirewallRule> rules)
+            throws ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public boolean destroy(Network network, ReservationContext context)
-			throws ConcurrentOperationException, ResourceUnavailableException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean destroy(Network network, ReservationContext context)
+            throws ConcurrentOperationException, ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public List<Class<?>> getCommands() {
-		// TODO Auto-generated method stub
-		return null;
-	}
+    @Override
+    public List<Class<?>> getCommands() {
+        // TODO Auto-generated method stub
+        return null;
+    }

-	@Override
-	public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd) {
+    @Override
+    public CiscoVnmcController addCiscoVnmcResource(AddCiscoVnmcResourceCmd cmd) {
        String deviceName = Provider.CiscoVnmc.getName();
        NetworkDevice networkDevice = NetworkDevice.getNetworkDevice(deviceName);
        Long physicalNetworkId = cmd.getPhysicalNetworkId();
@ -469,7 +468,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
        Map<String, Object> hostdetails = new HashMap<String,Object>();
        hostdetails.putAll(params);

-		ServerResource resource = new CiscoVnmcResource();
+        ServerResource resource = new CiscoVnmcResource();
        Transaction txn = Transaction.currentTxn();
        try {
            resource.configure(cmd.getHost(), hostdetails);
@ -495,114 +494,114 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
        }
    }

-	@Override
-	public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
-			CiscoVnmcController ciscoVnmcResourceVO) {
-		HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcResourceVO.getHostId());
+    @Override
+    public CiscoVnmcResourceResponse createCiscoVnmcResourceResponse(
+            CiscoVnmcController ciscoVnmcResourceVO) {
+        HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcResourceVO.getHostId());

-		CiscoVnmcResourceResponse response = new CiscoVnmcResourceResponse();
-		response.setId(ciscoVnmcResourceVO.getUuid());
-		response.setPhysicalNetworkId(ciscoVnmcResourceVO.getPhysicalNetworkId());
-		response.setProviderName(ciscoVnmcResourceVO.getProviderName());
-		response.setResourceName(ciscoVnmcHost.getName());
+        CiscoVnmcResourceResponse response = new CiscoVnmcResourceResponse();
+        response.setId(ciscoVnmcResourceVO.getUuid());
+        response.setPhysicalNetworkId(ciscoVnmcResourceVO.getPhysicalNetworkId());
+        response.setProviderName(ciscoVnmcResourceVO.getProviderName());
+        response.setResourceName(ciscoVnmcHost.getName());

-		return response;
-	}
+        return response;
+    }

-	@Override
-	public boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd) {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean deleteCiscoVnmcResource(DeleteCiscoVnmcResourceCmd cmd) {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public List<CiscoVnmcControllerVO> listCiscoVnmcResources(
-			ListCiscoVnmcResourcesCmd cmd) {
-		Long physicalNetworkId = cmd.getPhysicalNetworkId();
-		Long ciscoVnmcResourceId = cmd.getCiscoVnmcResourceId();
-		List<CiscoVnmcControllerVO> responseList = new ArrayList<CiscoVnmcControllerVO>();
+    @Override
+    public List<CiscoVnmcControllerVO> listCiscoVnmcResources(
+            ListCiscoVnmcResourcesCmd cmd) {
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        Long ciscoVnmcResourceId = cmd.getCiscoVnmcResourceId();
+        List<CiscoVnmcControllerVO> responseList = new ArrayList<CiscoVnmcControllerVO>();

-		if (physicalNetworkId == null && ciscoVnmcResourceId == null) {
-			throw new InvalidParameterValueException("Either physical network Id or vnmc device Id must be specified");
-		}
+        if (physicalNetworkId == null && ciscoVnmcResourceId == null) {
+            throw new InvalidParameterValueException("Either physical network Id or vnmc device Id must be specified");
+        }

-		if (ciscoVnmcResourceId != null) {
-			CiscoVnmcControllerVO ciscoVnmcResource = _ciscoVnmcDao.findById(ciscoVnmcResourceId);
-			if (ciscoVnmcResource == null) {
-				throw new InvalidParameterValueException("Could not find Cisco Vnmc device with id: " + ciscoVnmcResource);
-			}
-			responseList.add(ciscoVnmcResource);
-		}
-		else {
-			PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
-			if (physicalNetwork == null) {
-				throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
-			}
-			responseList = _ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId);
-		}
+        if (ciscoVnmcResourceId != null) {
+            CiscoVnmcControllerVO ciscoVnmcResource = _ciscoVnmcDao.findById(ciscoVnmcResourceId);
+            if (ciscoVnmcResource == null) {
+                throw new InvalidParameterValueException("Could not find Cisco Vnmc device with id: " + ciscoVnmcResource);
+            }
+            responseList.add(ciscoVnmcResource);
+        }
+        else {
+            PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+            if (physicalNetwork == null) {
+                throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
+            }
+            responseList = _ciscoVnmcDao.listByPhysicalNetwork(physicalNetworkId);
+        }

-		return responseList;
-	}
-	
-	@Override
-	public IpDeployer getIpDeployer(Network network) {
-		// TODO Auto-generated method stub
-		return null;
-	}
+        return responseList;
+    }
+    
+    @Override
+    public IpDeployer getIpDeployer(Network network) {
+        // TODO Auto-generated method stub
+        return null;
+    }

-	@Override
-	public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
-			throws ResourceUnavailableException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean applyPFRules(Network network, List<PortForwardingRule> rules)
+            throws ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public boolean applyStaticNats(Network config,
-			List<? extends StaticNat> rules)
-			throws ResourceUnavailableException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean applyStaticNats(Network config,
+            List<? extends StaticNat> rules)
+            throws ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public boolean applyIps(Network network,
-			List<? extends PublicIpAddress> ipAddress, Set<Service> services)
-			throws ResourceUnavailableException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean applyIps(Network network,
+            List<? extends PublicIpAddress> ipAddress, Set<Service> services)
+            throws ResourceUnavailableException {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public HostVO createHostVOForConnectedAgent(HostVO host,
-			StartupCommand[] cmd) {
-		// TODO Auto-generated method stub
-		return null;
-	}
+    @Override
+    public HostVO createHostVOForConnectedAgent(HostVO host,
+            StartupCommand[] cmd) {
+        // TODO Auto-generated method stub
+        return null;
+    }

-	@Override
-	public HostVO createHostVOForDirectConnectAgent(HostVO host,
-			StartupCommand[] startup, ServerResource resource,
-			Map<String, String> details, List<String> hostTags) {
+    @Override
+    public HostVO createHostVOForDirectConnectAgent(HostVO host,
+            StartupCommand[] startup, ServerResource resource,
+            Map<String, String> details, List<String> hostTags) {
        if (!(startup[0] instanceof StartupExternalFirewallCommand)) {
            return null;
        }
        host.setType(Host.Type.ExternalFirewall);
        return host;
-	}
+    }

-	@Override
-	public DeleteHostAnswer deleteHost(HostVO host, boolean isForced,
-			boolean isForceDeleteStorage) throws UnableDeleteHostException {
+    @Override
+    public DeleteHostAnswer deleteHost(HostVO host, boolean isForced,
+            boolean isForceDeleteStorage) throws UnableDeleteHostException {
        if (host.getType() != com.cloud.host.Host.Type.ExternalFirewall) {
            return null;
        }
        return new DeleteHostAnswer(true);
-	}
+    }

-	@Override
-	public CiscoAsa1000vDevice addCiscoAsa1000vResource(
-			AddCiscoAsa1000vResourceCmd cmd) {
+    @Override
+    public CiscoAsa1000vDevice addCiscoAsa1000vResource(
+            AddCiscoAsa1000vResourceCmd cmd) {
        Long physicalNetworkId = cmd.getPhysicalNetworkId();
        CiscoAsa1000vDevice ciscoAsa1000vResource = null;

@ -615,56 +614,56 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
        _ciscoAsa1000vDao.persist((CiscoAsa1000vDeviceVO)ciscoAsa1000vResource);
                
        return ciscoAsa1000vResource;
-	}
+    }

-	@Override
-	public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
-			CiscoAsa1000vDevice ciscoAsa1000vDeviceVO) {
-		CiscoAsa1000vResourceResponse response = new CiscoAsa1000vResourceResponse();
-		response.setId(ciscoAsa1000vDeviceVO.getUuid());
-		response.setManagementIp(ciscoAsa1000vDeviceVO.getManagementIp());
-		response.setInPortProfile(ciscoAsa1000vDeviceVO.getInPortProfile());
+    @Override
+    public CiscoAsa1000vResourceResponse createCiscoAsa1000vResourceResponse(
+            CiscoAsa1000vDevice ciscoAsa1000vDeviceVO) {
+        CiscoAsa1000vResourceResponse response = new CiscoAsa1000vResourceResponse();
+        response.setId(ciscoAsa1000vDeviceVO.getUuid());
+        response.setManagementIp(ciscoAsa1000vDeviceVO.getManagementIp());
+        response.setInPortProfile(ciscoAsa1000vDeviceVO.getInPortProfile());

-		return response;
-	}
+        return response;
+    }

-	@Override
-	public boolean deleteCiscoAsa1000vResource(
-			DeleteCiscoAsa1000vResourceCmd cmd) {
-		// TODO Auto-generated method stub
-		return false;
-	}
+    @Override
+    public boolean deleteCiscoAsa1000vResource(
+            DeleteCiscoAsa1000vResourceCmd cmd) {
+        // TODO Auto-generated method stub
+        return false;
+    }

-	@Override
-	public List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(
-			ListCiscoAsa1000vResourcesCmd cmd) {
-		Long physicalNetworkId = cmd.getPhysicalNetworkId();
-		Long ciscoAsa1000vResourceId = cmd.getCiscoAsa1000vResourceId();
-		List<CiscoAsa1000vDeviceVO> responseList = new ArrayList<CiscoAsa1000vDeviceVO>();
+    @Override
+    public List<CiscoAsa1000vDeviceVO> listCiscoAsa1000vResources(
+            ListCiscoAsa1000vResourcesCmd cmd) {
+        Long physicalNetworkId = cmd.getPhysicalNetworkId();
+        Long ciscoAsa1000vResourceId = cmd.getCiscoAsa1000vResourceId();
+        List<CiscoAsa1000vDeviceVO> responseList = new ArrayList<CiscoAsa1000vDeviceVO>();

-		if (physicalNetworkId == null && ciscoAsa1000vResourceId == null) {
-			throw new InvalidParameterValueException("Either physical network Id or Asa 1000v device Id must be specified");
-		}
+        if (physicalNetworkId == null && ciscoAsa1000vResourceId == null) {
+            throw new InvalidParameterValueException("Either physical network Id or Asa 1000v device Id must be specified");
+        }

-		if (ciscoAsa1000vResourceId != null) {
-			CiscoAsa1000vDeviceVO ciscoAsa1000vResource = _ciscoAsa1000vDao.findById(ciscoAsa1000vResourceId);
-			if (ciscoAsa1000vResource == null) {
-				throw new InvalidParameterValueException("Could not find Cisco Asa 1000v device with id: " + ciscoAsa1000vResourceId);
-			}
-			responseList.add(ciscoAsa1000vResource);
-		} else {
-			PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
-			if (physicalNetwork == null) {
-				throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
-			}
-			responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
-		}
+        if (ciscoAsa1000vResourceId != null) {
+            CiscoAsa1000vDeviceVO ciscoAsa1000vResource = _ciscoAsa1000vDao.findById(ciscoAsa1000vResourceId);
+            if (ciscoAsa1000vResource == null) {
+                throw new InvalidParameterValueException("Could not find Cisco Asa 1000v device with id: " + ciscoAsa1000vResourceId);
+            }
+            responseList.add(ciscoAsa1000vResource);
+        } else {
+            PhysicalNetworkVO physicalNetwork = _physicalNetworkDao.findById(physicalNetworkId);
+            if (physicalNetwork == null) {
+                throw new InvalidParameterValueException("Could not find a physical network with id: " + physicalNetworkId);
+            }
+            responseList = _ciscoAsa1000vDao.listByPhysicalNetwork(physicalNetworkId);
+        }

-		return responseList;
-	}
+        return responseList;
+    }

-	@Override
-	public CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network) {
+    @Override
+    public CiscoAsa1000vDevice assignAsa1000vToNetwork(Network network) {
        List<CiscoAsa1000vDeviceVO> asaList = _ciscoAsa1000vDao.listByPhysicalNetwork(network.getPhysicalNetworkId());
        for (CiscoAsa1000vDeviceVO asa : asaList) {
            NetworkAsa1000vMapVO assignedToNetwork = _networkAsa1000vMapDao.findByAsa1000vId(asa.getId());
@ -672,7 +671,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
                NetworkAsa1000vMapVO networkAsaMap = new NetworkAsa1000vMapVO(network.getId(), asa.getId());
                _networkAsa1000vMapDao.persist(networkAsaMap);
                return asa;
-        	}
+            }
        }
        return null;
    }
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@ -42,9 +42,11 @@ import com.cloud.agent.api.StartupExternalFirewallCommand;
 import com.cloud.agent.api.routing.IpAssocAnswer;
 import com.cloud.agent.api.routing.IpAssocCommand;
 import com.cloud.agent.api.routing.NetworkElementCommand;
+import com.cloud.agent.api.routing.SetFirewallRulesCommand;
 import com.cloud.agent.api.routing.SetPortForwardingRulesCommand;
 import com.cloud.agent.api.routing.SetSourceNatCommand;
 import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
+import com.cloud.agent.api.to.FirewallRuleTO;
 import com.cloud.host.Host;
 import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
 import com.cloud.resource.ServerResource;
@ -71,7 +73,7 @@ public class CiscoVnmcResource implements ServerResource{
    private String _publicInterface;
    private String _privateInterface;

-	CiscoVnmcConnectionImpl _connection;
+    CiscoVnmcConnectionImpl _connection;

    private final Logger s_logger = Logger.getLogger(CiscoVnmcResource.class);

@ -84,6 +86,8 @@ public class CiscoVnmcResource implements ServerResource{
            return execute((IpAssocCommand) cmd);
        } else if (cmd instanceof SetSourceNatCommand) {
            return execute((SetSourceNatCommand) cmd);
+        } else if (cmd instanceof SetFirewallRulesCommand) {
+            return execute((SetFirewallRulesCommand) cmd);
        } else if (cmd instanceof SetStaticNatRulesCommand) {
            return execute((SetStaticNatRulesCommand) cmd);
        } else if (cmd instanceof SetPortForwardingRulesCommand) {
@ -93,9 +97,9 @@ public class CiscoVnmcResource implements ServerResource{
        } else if (cmd instanceof CreateLogicalEdgeFirewallCommand) {
            return execute((CreateLogicalEdgeFirewallCommand)cmd);
        } else if (cmd instanceof ConfigureNexusVsmForAsaCommand) {
-        	return execute((ConfigureNexusVsmForAsaCommand)cmd);
+            return execute((ConfigureNexusVsmForAsaCommand)cmd);
        } else if (cmd instanceof AssociateAsaWithLogicalEdgeFirewallCommand) {
-        	return execute((AssociateAsaWithLogicalEdgeFirewallCommand)cmd);
+            return execute((AssociateAsaWithLogicalEdgeFirewallCommand)cmd);
        } else {
            return Answer.createUnsupportedCommandAnswer(cmd);
        }
@ -131,7 +135,7 @@ public class CiscoVnmcResource implements ServerResource{
            _password = (String) params.get("password");
            if (_password == null) {
                throw new ConfigurationException("Unable to find password");
-            }			
+            }            

            _publicInterface = (String) params.get("publicinterface");
            if (_publicInterface == null) {
@ -232,7 +236,7 @@ public class CiscoVnmcResource implements ServerResource{
    }

    private ExternalNetworkResourceUsageAnswer execute(ExternalNetworkResourceUsageCommand cmd) {
-    	return new ExternalNetworkResourceUsageAnswer(cmd);
+        return new ExternalNetworkResourceUsageAnswer(cmd);
    }

    /*
@ -243,13 +247,13 @@ public class CiscoVnmcResource implements ServerResource{
        try {
            ret = _connection.login();
        } catch (ExecutionException ex) {
-        	s_logger.error("Login to Vnmc failed", ex);
+            s_logger.error("Login to Vnmc failed", ex);
        }
        return ret;
    }

    private synchronized Answer execute(IpAssocCommand cmd) {
-    	refreshVnmcConnection();
+        refreshVnmcConnection();
        return execute(cmd, _numRetries);
    }

@ -262,17 +266,17 @@ public class CiscoVnmcResource implements ServerResource{
     * Source NAT
     */
    private synchronized Answer execute(SetSourceNatCommand cmd) {
-    	refreshVnmcConnection();
+        refreshVnmcConnection();
        return execute(cmd, _numRetries);
    }

    private Answer execute(SetSourceNatCommand cmd, int numRetries) {
-    	String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
        String tenant = "vlan-" + vlanId;
        try {
            // create-nat-policy-set
            if (!_connection.createTenantVDCNatPolicySet(tenant)) {
-            	throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
+                throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId);
            }

            // create-source-nat-pool
@ -304,11 +308,66 @@ public class CiscoVnmcResource implements ServerResource{
        return new Answer(cmd, true, "Success");
    }

+    /*
+     * Firewall rule
+     */
+    private synchronized Answer execute(SetFirewallRulesCommand cmd) {
+        refreshVnmcConnection();
+        return execute(cmd, _numRetries);
+    }
+
+    private Answer execute(SetFirewallRulesCommand cmd, int numRetries) {
+        String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG);
+        String tenant = "vlan-" + vlanId;
+        try {
+            // create-acl-policy-set for ingress
+            _connection.createTenantVDCAclPolicySet(tenant, true);
+
+            // delete-acl-policy for ingress
+            _connection.deleteTenantVDCAclPolicy(tenant, true);
+            // delete-acl-policy for egress
+
+            // create-acl-policy for ingress
+            _connection.createTenantVDCAclPolicy(tenant, true);
+
+            // create-acl-policy-set for egress
+            // create-acl-policy for egress
+
+            FirewallRuleTO[] rules = cmd.getRules();
+            for (FirewallRuleTO rule : rules) {
+                if (rule.revoked()) {
+                    // delete-acl-rule
+                    //_connection.deleteAclRule(tenant, Long.toString(rule.getId()));
+                } else {
+                    String cidr = rule.getSourceCidrList().get(0);
+                    String[] result = cidr.split("\\/");
+                    assert (result.length == 2) : "Something is wrong with source cidr " + cidr;
+                    long size = Long.valueOf(result[1]);
+                    String startIp = NetUtils.getIpRangeStartIpFromCidr(result[0], size);
+                    String endIp = NetUtils.getIpRangeEndIpFromCidr(result[0], size);
+                    // create-ingress-acl-rule
+                    _connection.createIngressAclRule(tenant,
+                            Long.toString(rule.getId()), rule.getProtocol().toUpperCase(), startIp, endIp,
+                            Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), rule.getSrcIp());
+                }
+            }
+
+            // associate-acl-policy-set
+            _connection.associateAclPolicySet(tenant);
+        } catch (Throwable e) {
+            String msg = "SetFirewallRulesCommand failed due to " + e.getMessage();
+            s_logger.error(msg, e);
+            return new Answer(cmd, false, msg);
+        }
+
+        return new Answer(cmd);
+    }
+
    /*
     * Static NAT
     */
    private synchronized Answer execute(SetStaticNatRulesCommand cmd) {
-    	refreshVnmcConnection();
+        refreshVnmcConnection();
        return execute(cmd, _numRetries);
    }

@ -320,7 +379,7 @@ public class CiscoVnmcResource implements ServerResource{
     * Destination NAT
     */
    private synchronized Answer execute(SetPortForwardingRulesCommand cmd) {
-    	refreshVnmcConnection();
+        refreshVnmcConnection();
        return execute(cmd, _numRetries);
    }

@ -332,7 +391,7 @@ public class CiscoVnmcResource implements ServerResource{
     * Logical edge firewall
     */
    private synchronized Answer execute(CreateLogicalEdgeFirewallCommand cmd) {
-    	refreshVnmcConnection();
+        refreshVnmcConnection();
        return execute(cmd, _numRetries);
    }

@ -341,19 +400,19 @@ public class CiscoVnmcResource implements ServerResource{
        try {
            // create tenant
            if (!_connection.createTenant(tenant))
-            	throw new Exception("Failed to create tenant in VNMC for guest network with vlan " + cmd.getVlanId());
+                throw new Exception("Failed to create tenant in VNMC for guest network with vlan " + cmd.getVlanId());

            // create tenant VDC
            if (!_connection.createTenantVDC(tenant))
-            	throw new Exception("Failed to create tenant VDC in VNMC for guest network with vlan " + cmd.getVlanId());
+                throw new Exception("Failed to create tenant VDC in VNMC for guest network with vlan " + cmd.getVlanId());

            // create edge security profile
            if (!_connection.createTenantVDCEdgeSecurityProfile(tenant))
-            	throw new Exception("Failed to create tenant edge security profile in VNMC for guest network with vlan " + cmd.getVlanId());
+                throw new Exception("Failed to create tenant edge security profile in VNMC for guest network with vlan " + cmd.getVlanId());

            // create logical edge firewall
            if (!_connection.createEdgeFirewall(tenant, cmd.getPublicIp(), cmd.getInternalIp(), cmd.getPublicSubnet(), cmd.getInternalSubnet()))
-            	throw new Exception("Failed to create edge firewall in VNMC for guest network with vlan " + cmd.getVlanId());
+                throw new Exception("Failed to create edge firewall in VNMC for guest network with vlan " + cmd.getVlanId());
        } catch (Throwable e) {
            String msg = "CreateLogicalEdgeFirewallCommand failed due to " + e.getMessage();
            s_logger.error(msg, e);
@ -371,7 +430,7 @@ public class CiscoVnmcResource implements ServerResource{
    }

    private Answer execute(ConfigureNexusVsmForAsaCommand cmd, int numRetries) {
-    	String vlanId = Long.toString(cmd.getVlanId());
+        String vlanId = Long.toString(cmd.getVlanId());
        NetconfHelper helper = null;
        List<Pair<OperationType, String>> params = new ArrayList<Pair<OperationType, String>>();
        params.add(new Pair<OperationType, String>(OperationType.addvlanid, vlanId));
--- a/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
+++ b/plugins/network-elements/cisco-vnmc/test/com/cloud/network/cisco/CiscoVnmcConnectionTest.java
@ -30,229 +30,215 @@ import com.cloud.utils.exception.ExecutionException;

@Ignore("Requires actual VNMC to connect to")
 public class CiscoVnmcConnectionTest {
-	static CiscoVnmcConnectionImpl connection;
-	static String tenantName = "TenantE";
-	static Map<String, String> fwDns = null;
-	
-	@BeforeClass
-	public static void setUpClass() throws Exception {
-		connection = new CiscoVnmcConnectionImpl("10.223.56.5", "admin", "C1sco123");
-		try {
-			boolean response = connection.login();
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
+    static CiscoVnmcConnectionImpl connection;
+    static String tenantName = "TenantE";
+    static Map<String, String> fwDns = null;

-	
-	@Test
-	public void testLogin() {
-		//fail("Not yet implemented");
-		try {
-			boolean response = connection.login();
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
+    @BeforeClass
+    public static void setUpClass() throws Exception {
+        connection = new CiscoVnmcConnectionImpl("10.223.56.5", "admin", "C1sco123");
+        try {
+            boolean response = connection.login();
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }

-	
-	@Test
-	public void testCreateTenant() {
-		//fail("Not yet implemented");
-		try {
-			boolean response = connection.createTenant(tenantName);
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateTenantVDC() {
-		//fail("Not yet implemented");
-		try {
-			boolean response = connection.createTenantVDC(tenantName);
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateTenantVDCEdgeDeviceProfile() {
-		//fail("Not yet implemented");
-		try {
-			boolean response = connection.createTenantVDCEdgeDeviceProfile(tenantName);
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateTenantVDCEdgeDeviceRoutePolicy() {
-		try {
-			boolean response = connection.createTenantVDCEdgeStaticRoutePolicy(tenantName);
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateTenantVDCEdgeDeviceRoute() {
-		try {
-			boolean response = connection.createTenantVDCEdgeStaticRoute(tenantName, 
-					"10.223.136.1", "Edge_Outside", "0.0.0.0", "0.0.0.0");
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testAssociateRoutePolicyWithEdgeProfile() {
-		try {
-			boolean response = connection.associateTenantVDCEdgeStaticRoutePolicy(tenantName); 
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testAssociateTenantVDCEdgeDhcpPolicy() {
-		try {
-			boolean response = connection.associateTenantVDCEdgeDhcpPolicy(tenantName, "Edge_Inside"); 
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateTenantVDCEdgeDhcpPolicy() {
-		try {
-			boolean response = connection.createTenantVDCEdgeDhcpPolicy(tenantName, 
-					"10.1.1.2", "10.1.1.254", "255.255.255.0","4.4.4.4", tenantName+ ".net"); 
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateTenantVDCEdgeSecurityProfile() {
-		try {
-			boolean response = connection.createTenantVDCEdgeSecurityProfile(tenantName); 
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateTenantVDCSourceNATPool() {
-		try {
-			boolean response = connection.createTenantVDCSourceNATPool(tenantName, "10.223.136.10"); 
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateTenantVDCSourceNATPolicy() {
-		try {
-			boolean response = connection.createTenantVDCSourceNATPolicy(tenantName, "10.1.1.2", "10.1.1.254"); 
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateTenantVDCNatPolicySet() {
-		try {
-			boolean response = connection.createTenantVDCNatPolicySet(tenantName); 
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testAssociateNatPolicySet() {
-		try {
-			boolean response = connection.associateNatPolicySet(tenantName); 
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void testCreateEdgeFirewall() {
-		try {
-			boolean response = connection.createEdgeFirewall(tenantName, 
-					"44.44.44.44", "192.168.1.1", "255.255.255.0", "255.255.255.192"); 
-			assertTrue(response);
-		} catch (ExecutionException e) {
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void testListUnassocAsa1000v() {
-		try {
-			Map<String, String> response = connection.listUnAssocAsa1000v(); 
-			assertTrue(response.size() >=0);
-			fwDns = response;
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
-	
-	
-	@Test
-	public void assocAsa1000v() {
-		try {
-			boolean result = connection.assocAsa1000v(tenantName, fwDns.get(0)); 
-			assertTrue(result);
-		} catch (ExecutionException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
+    
+    @Test
+    public void testLogin() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.login();
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    
+    @Test
+    public void testCreateTenant() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.createTenant(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDC() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.createTenantVDC(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDeviceProfile() {
+        //fail("Not yet implemented");
+        try {
+            boolean response = connection.createTenantVDCEdgeDeviceProfile(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDeviceRoutePolicy() {
+        try {
+            boolean response = connection.createTenantVDCEdgeStaticRoutePolicy(tenantName);
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDeviceRoute() {
+        try {
+            boolean response = connection.createTenantVDCEdgeStaticRoute(tenantName, 
+                    "10.223.136.1", "Edge_Outside", "0.0.0.0", "0.0.0.0");
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testAssociateRoutePolicyWithEdgeProfile() {
+        try {
+            boolean response = connection.associateTenantVDCEdgeStaticRoutePolicy(tenantName); 
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testAssociateTenantVDCEdgeDhcpPolicy() {
+        try {
+            boolean response = connection.associateTenantVDCEdgeDhcpPolicy(tenantName, "Edge_Inside"); 
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeDhcpPolicy() {
+        try {
+            boolean response = connection.createTenantVDCEdgeDhcpPolicy(tenantName, 
+                    "10.1.1.2", "10.1.1.254", "255.255.255.0","4.4.4.4", tenantName+ ".net"); 
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCEdgeSecurityProfile() {
+        try {
+            boolean response = connection.createTenantVDCEdgeSecurityProfile(tenantName); 
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCSourceNATPool() {
+        try {
+            boolean response = connection.createTenantVDCSourceNATPool(tenantName, "10.223.136.10"); 
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCSourceNATPolicy() {
+        try {
+            boolean response = connection.createTenantVDCSourceNATPolicy(tenantName, "10.1.1.2", "10.1.1.254"); 
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateTenantVDCNatPolicySet() {
+        try {
+            boolean response = connection.createTenantVDCNatPolicySet(tenantName); 
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testAssociateNatPolicySet() {
+        try {
+            boolean response = connection.associateNatPolicySet(tenantName); 
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testCreateEdgeFirewall() {
+        try {
+            boolean response = connection.createEdgeFirewall(tenantName, 
+                    "44.44.44.44", "192.168.1.1", "255.255.255.0", "255.255.255.192"); 
+            assertTrue(response);
+        } catch (ExecutionException e) {
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testListUnassocAsa1000v() {
+        try {
+            Map<String, String> response = connection.listUnAssocAsa1000v(); 
+            assertTrue(response.size() >=0);
+            fwDns = response;
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void assocAsa1000v() {
+        try {
+            boolean result = connection.assocAsa1000v(tenantName, fwDns.get(0)); 
+            assertTrue(result);
+        } catch (ExecutionException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+    }
 }