From: Murali Reddy
To: "cloudstack-users@incubator.apache.org", "kris@cloudcentral.com.au"
Date: Mon, 21 Jan 2013 11:56:27 +0530
Subject: Re: Is it possible to use Juniper SRX for Firewall functions in conjunction with Virtual Router for Load Balancing functions

On 20/01/13 9:53 AM, "Kristoffer Sheather - Cloud Central" wrote:

>CloudStack Users,
>
>We are currently designing a new solution with specific security
>requirements and are considering implementing a Juniper SRX series
>firewall. In order to protect the load balancer from public traffic we
>intend on deploying an 'in-line' topology where the SRX sits in front of
>the load balancer (physical or virtual).
>
>Is it possible (and preferably tested) to use SRX for
>firewall/port-forwarding/VPN and use the CloudStack Virtual Router for
>load balancing? I know the documentation states that you must use SRX with F5
>for 'in-line' mode, however I can't see why you couldn't use the virtual
>router instead of an F5.

I know that side-by-side configuration works right now. You can have a network offering with SRX providing firewall/PF/NAT services and VR/F5/NetScaler providing LB service. But in inline mode, only the SRX and F5 combination is supported. But one can extend the support for VR/NetScaler as well. Please open a feature request bug.

>
>If anyone has experience and can advise that would be greatly appreciated.
>
>Regards,
>
>Kristoffer Sheather
>Cloud Central
>Scale Your Data Center In The Cloud
>Phone: 1300 144 007 | Mobile: +61 414 573 130 | Email:
>kris@cloudcentral.com.au
>LinkedIn: | Skype: kristoffer.sheather | Twitter:
>http://twitter.com/kristofferjon