From add0251cf03d4d1ac1428045a73bec3b5bca10c8 Mon Sep 17 00:00:00 2001 From: Radhika PC Date: Wed, 7 Aug 2013 14:15:29 +0530 Subject: [PATCH] CLOUDSTACK-2685 --- docs/en-US/egress-firewall-rule.xml | 60 ++++++++++++++++------------- 1 file changed, 34 insertions(+), 26 deletions(-) diff --git a/docs/en-US/egress-firewall-rule.xml b/docs/en-US/egress-firewall-rule.xml index 68d989800da..17bf15eb18c 100644 --- a/docs/en-US/egress-firewall-rule.xml +++ b/docs/en-US/egress-firewall-rule.xml @@ -19,31 +19,41 @@ under the License. -->
- Egress Firewall Rules in Advanced Zone + Egress Firewall Rules in an Advanced Zone The egress traffic originates from a private network to a public network, such as the - Internet. By default, the egress traffic is blocked, so no outgoing traffic is allowed from a - guest network to the Internet. However, you can control the egress traffic in an Advanced zone - by creating egress firewall rules. When an egress firewall rule is applied, the traffic specific - to the rule is allowed and the remaining traffic is blocked. When all the firewall rules are - removed the default policy, Block, is applied. - Egress firewall rules are supported on Juniper SRX and virtual router. - - The egress firewall rules are not supported on shared networks. - - Consider the following scenarios to apply egress firewall rules: - - - Allow the egress traffic from specified source CIDR. The Source CIDR is part of guest - network CIDR. - - - Allow the egress traffic with destination protocol TCP,UDP,ICMP, or ALL. - - - Allow the egress traffic with destination protocol and port range. The port range is - specified for TCP, UDP or for ICMP type and code. - - + Internet. By default, the egress traffic is blocked in default network offerings, so no outgoing + traffic is allowed from a guest network to the Internet. However, you can control the egress + traffic in an Advanced zone by creating egress firewall rules. When an egress firewall rule is + applied, the traffic specific to the rule is allowed and the remaining traffic is blocked. When + all the firewall rules are removed the default policy, Block, is applied. +
+ Prerequisites and Guidelines + Consider the following scenarios to apply egress firewall rules: + + + Egress firewall rules are supported on Juniper SRX and virtual router. + + + The egress firewall rules are not supported on shared networks. + + + Allow the egress traffic from specified source CIDR. The Source CIDR is part of guest + network CIDR. + + + Allow the egress traffic with protocol TCP,UDP,ICMP, or ALL. + + + Allow the egress traffic with protocol and destination port range. The port range is + specified for TCP, UDP or for ICMP type and code. + + + The default policy is Allow for the new network offerings, whereas on upgrade existing + network offerings with firewall service providers will have the default egress policy + Deny. + + +
Configuring an Egress Firewall Rule @@ -154,7 +164,5 @@ allowed. - On upgrade existing network offerings with firewall service providers will have the - default egress policy DENY.
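Review bot: the first hunk leaves the file stating three different egress defaults, and the reader cannot tell which one applies. The opening paragraph still says "By default, the egress traffic is blocked in default network offerings" and "When all the firewall rules are removed the default policy, Block, is applied", while the new last list item says "The default policy is Allow for the new network offerings, whereas on upgrade existing network offerings with firewall service providers will have the default egress policy Deny." Because a default of Allow means every guest can reach the Internet until an operator adds a rule, this is the one fact the page must get right; suggest rewriting the paragraph to say which offerings block and which allow, and using a single term (Allow/Deny rather than Block) throughout. Separately, the new "Prerequisites and Guidelines" list is introduced with "Consider the following scenarios to apply egress firewall rules:", but its first two items (supported on Juniper SRX and virtual router; not supported on shared networks) and the last item are not scenarios; split them into a prerequisites list and a scenarios list, and add the missing spaces in "TCP,UDP,ICMP".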
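Review bot: the second hunk removes the only sentence in the "Configuring an Egress Firewall Rule" section that told an operator upgrading an existing network offering that the egress default is DENY; the replacement now lives in the new Prerequisites list above, so a reader who jumps straight to the configuration steps no longer sees it. Suggest keeping a one-line cross-reference at the removed spot (for example, "See Prerequisites and Guidelines for the default egress policy of new and upgraded network offerings") so the configuration steps still make the effective default visible.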