----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/11224/#review20784 -----------------------------------------------------------
plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java <https://reviews.apache.org/r/11224/#comment42875> Why ICMP's getSrcPortRange is null(then need the min/max default value)? plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java <https://reviews.apache.org/r/11224/#comment42876> I think it's wrong here. Firewall is only firewall, it won't and shouldn't response to the ICMP or other request, unless port forwarding or static nat rule configured. - Sheng Yang On May 20, 2013, 5:55 a.m., Jayapal Reddy wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/11224/ > ----------------------------------------------------------- > > (Updated May 20, 2013, 5:55 a.m.) > > > Review request for cloudstack, Abhinandan Prateek, Sheng Yang, and Murali > Reddy. > > > Description > ------- > > 1. Updated to configure the firewall filter for the icmp protocol > 2. Proxy arp is required for icmp response on SRX public IP. So adding proxy > arp along with firewall rules > > > This addresses bug CLOUDSTACK-2386. > > > Diffs > ----- > > > plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java > a429306 > > plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java > a0068c3 > server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java 4a90a77 > utils/src/com/cloud/utils/net/NetUtils.java 9551c26 > > Diff: https://reviews.apache.org/r/11224/diff/ > > > Testing > ------- > > 1. Added icmp firewall rule and tested ping to public ip from the public > subnet > 2. Tested configuring Static NAT and PF > > > Thanks, > > Jayapal Reddy > >
