cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kirk Kosinski (JIRA)" <>
Subject [jira] [Closed] (CLOUDSTACK-4723) Call more attention to egress traffic being denied by default in isolated networks
Date Sat, 21 Sep 2013 00:36:54 GMT


Kirk Kosinski closed CLOUDSTACK-4723.

    Resolution: Duplicate
> Call more attention to egress traffic being denied by default in isolated networks
> ----------------------------------------------------------------------------------
>                 Key: CLOUDSTACK-4723
>                 URL:
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Doc
>    Affects Versions: 4.1.1
>            Reporter: Kirk Kosinski
>            Priority: Minor
>              Labels: adminguide
> Egress traffic is denied by default in isolated networks using the CloudStack virtual
router created in CloudStack 4.1.0 and later (see CLOUDSTACK-299).  This information is explained
in the Creating Egress Firewall Rules in an Advanced Zone section of the admin guide:
> By default, the egress traffic is blocked, so no outgoing traffic is allowed from a guest
network to the Internet. However, you can control the egress traffic in an Advanced zone by
creating egress firewall rules. 
> This is very critical information, but unfortunately is easy to miss.  It should be highlighted
somehow, such as in a Note.  
> Additionally, it would be useful to explain that during an upgrade from previous versions,
egress rules allowing all traffic are created for existing networks to match the previous
behavior of allowing all egress traffic.  This is confusing since after an upgrade, all of
the existing networks are working the same as before, but newly created networks will not.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message