[jira] [Commented] (CLOUDSTACK-2220) SRX - By default, egress traffic is NOT BLOCKED from guest network to public network

[Jayapal Reddy (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-2220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13648185#comment-13648185
 ] 

Jayapal Reddy commented on CLOUDSTACK-2220:
-------------------------------------------

Hi Angeline,

In your setup added  the below egress rules  rules for network adminsrx.
0.0.0.0/0, tcp 1-8090 
0.0.0.0/0  icmp -1,-1

>From Z1adminsrxv1 VM able to ping and ssh to nfs1.lab.vmops.com.

I don't see any issues, go to your setup and try ping and ssh.

For VMs in adminsrx network, tcp 1-8090 and icmp traffic will be allowed to 
public side.
                
> SRX - By default, egress traffic is NOT BLOCKED from guest network to public 
> network 
> -------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2220
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2220
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>         Environment: MS ACS 4.2 build 4/24/13 7:48 PM revision: 
> 299cccf779f75c3ba04d9ec7303bed88394c3562
> host XS 6.0.2 
>            Reporter: angeline shen
>            Assignee: Jayapal Reddy
>            Priority: Critical
>             Fix For: 4.2.0
>
>         Attachments: management-server.log.gz
>
>
> MS ACS 4.2 build 4/24/13 7:48 PM revision: 
> 299cccf779f75c3ba04d9ec7303bed88394c3562
> host XS 6.0.2 
> 1. SRX network offering : isolated DHCP: virtual router DNS: virtual router 
> firewall: SRX userdata:virtual router sourceNAT: SRX staticNAT: SRX 
> portforward: SRX sourceNAT type: perzone
> 2. domain: ROOT admin
>    domain: /d1 domain admin: d1domain
>    domain: /d2 user: d2user
> 3. login: admin create VMs, allocate public IPs . 
>     BUG:   login  any VM  via console:  able to ping  www.google.com
>   login: d1domain repeat above steps
>    BUG:   login  any VM  via console:  able to ping  www.google.com
>   login: d2user repeat above steps 
>    BUG:   login  any VM  via console:  able to ping  www.google.com

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira