Hello,
We natively use a fully routed network to deploy instances.
We use an update server in our datacenter to force VM updates as part of the enterprise security policy.
After some time, we chose to implement floating IPs to ease IP management.
With floating IPs, you deploy instances on a private network and use a tenant router to access the external network.
For each floating IP, you have an SNAT/DNAT rule in the tenant router.
An SNAT default route is configured to allow VMs with no floating IP to communicate using the router's external IP.
Unfortunately, the VMs with no floating IP no longer communicate with the update server.
Looking into the NSX configuration of the tenant router, we see that the firewall is enabled and there is no rule to permit access.
We want to create a permanent rule that allows the private network to communicate with our update server.
How can we modify the VIO configuration to push this modification into the tenant router?
Thanks a lot for your help,
Cédric.
Hi,
We don't support manual updates of NSX edge devices outside of the VIO CLI/API. If your access is limited due to a security group, you should create a new secgroup and apply it to the VM.
The default security group allows all egress traffic; I don't suspect this is the issue.
Without understanding more about your setup, it's hard to say what is causing the issue. Can you provide source / destination IP of your setup & additional info on sec groups for both src & destination VM?
Hello,
You are right, we made a mistake during our test 😞
All VMs connected to the Provider Network through a Tenant Router have default egress access, even if no floating IP is assigned.
The VM will use the default SNAT rule and use the Tenant Router IP.
Ced.