VMware Cloud Community
RatnajitHCL
Contributor

The Firewall rule of the Tenant Edge router managing the VMware Integrated OpenStack subnets is reset to "Deny" after some time

Hi,

We have created a few tenants in our VIO infrastructure. There are a few routers on each tenant. By default, the Firewall rule of the edge router managing the tenant VMs is "Deny". I am modifying the firewall rule from "Deny" to "Accept" from the NSX interface available from vCenter, but I see that this rule changes in a day or two.

Can you please guide us on how to permanently set the Firewall rule of the edge router managing the Tenant subnets to "Accept"?

Thanks

Ratnajit


Accepted Solutions
mvoelker
VMware Employee

It sounds like you haven't adjusted the rules for the default security group on the OpenStack side.  You can do this via the CLI or from Horizon:

1.) Click on Compute -> Access & Security

2.) Click on the "Security Groups" tab

3.) Click on the "Manage Rules" button for the "default" security group

4.) You should now see a list of rules and buttons to add new ones or delete existing ones.  For example, you can click on the "Add Rule" button, select "All TCP" from the "Rule" dropdown, and click "Add" to allow all TCP traffic for instances using the default security group.

Documentation on the equivalent CLIs can be found here:

OpenStack Docs: Networking service (neutron) command-line client

RatnajitHCL
Contributor

Hi,

Thanks a lot.

This helped us to set the Firewall to "Accept".

Regards

Ratnajit
