Difference between revisions of "Mcafee NGFW Firewall driver"
(→Overview) |
(→Configuration) |
||
(One intermediate revision by the same user not shown) | |||
Line 2: | Line 2: | ||
Mcafee NGFW Fwaas driver worked with NGFW L3 plugin to provide the firewall as a service function in openstack. It implement the create/delete/update_firewall operations from l3 agents by translate the rules of openstack firewall into the policy of SMC server. Firewall would work once the SMC server get the policy and upload it to sg-engine VM. | Mcafee NGFW Fwaas driver worked with NGFW L3 plugin to provide the firewall as a service function in openstack. It implement the create/delete/update_firewall operations from l3 agents by translate the rules of openstack firewall into the policy of SMC server. Firewall would work once the SMC server get the policy and upload it to sg-engine VM. | ||
+ | |||
+ | [[File:NGFW_driver.png]]<br /> | ||
=='''Configuration'''== | =='''Configuration'''== | ||
− | 1. Refer to link | + | 1. Refer to link for L3 plugin configuration. |
https://wiki.openstack.org/wiki/Mcafee_NGFW_L3_Plugin | https://wiki.openstack.org/wiki/Mcafee_NGFW_L3_Plugin | ||
Latest revision as of 08:23, 9 February 2015
Overview
Mcafee NGFW Fwaas driver worked with NGFW L3 plugin to provide the firewall as a service function in openstack. It implement the create/delete/update_firewall operations from l3 agents by translate the rules of openstack firewall into the policy of SMC server. Firewall would work once the SMC server get the policy and upload it to sg-engine VM.
Configuration
1. Refer to link for L3 plugin configuration.
https://wiki.openstack.org/wiki/Mcafee_NGFW_L3_Plugin
2. make sure fwaas_plugin added into /etc/neutron/neutron.conf
service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin
3. specify NGFW fwaas_driver and edit related key items in /etc/neutron/fwaas_driver.ini to match your environment
[fwaas] driver = neutron_fwaas.services.firewall.drivers.mcafee.ngfw_fwaas.NgfwFwaasDriver enabled = True [ngfw] # URL of SMC server smc_url = http://10.20.5.54:8082 # verion of API smc_api_version=5.7 # authenticate key for API call smc_api_auth_key = "vGEv9qAoYCbTwhonV8Bi0002"