Jump to: navigation, search

Difference between revisions of "Mcafee NGFW Firewall driver"

(Mcafee NGFW Firewall driver)
(Configuration)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
=='''Overview'''==
 
=='''Overview'''==
  
Mcafee NGFW Fwaas driver worked with NGFW L3 plugin to provide the firewall as a service function in openstack. It implement the create/delete/update_firewall operations from l3 agents by translate the rules from firewall db into the policy which SMC server could accept. Firewall would work once the SMC server get the policy and upload it to sg-engine.
+
Mcafee NGFW Fwaas driver worked with NGFW L3 plugin to provide the firewall as a service function in openstack. It implement the create/delete/update_firewall operations from l3 agents by translate the rules of openstack firewall into the policy of SMC server. Firewall would work once the SMC server get the policy and upload it to sg-engine VM.
 
 
  
 +
[[File:NGFW_driver.png]]<br />
  
 
=='''Configuration'''==
 
=='''Configuration'''==
  
1. Refer to link xxxx for L3 plugin configuration.
+
1. Refer to link for L3 plugin configuration.
 
   https://wiki.openstack.org/wiki/Mcafee_NGFW_L3_Plugin
 
   https://wiki.openstack.org/wiki/Mcafee_NGFW_L3_Plugin
  

Latest revision as of 08:23, 9 February 2015

Overview

Mcafee NGFW Fwaas driver worked with NGFW L3 plugin to provide the firewall as a service function in openstack. It implement the create/delete/update_firewall operations from l3 agents by translate the rules of openstack firewall into the policy of SMC server. Firewall would work once the SMC server get the policy and upload it to sg-engine VM.

NGFW driver.png

Configuration

1. Refer to link for L3 plugin configuration. 

 https://wiki.openstack.org/wiki/Mcafee_NGFW_L3_Plugin

2. make sure fwaas_plugin added into /etc/neutron/neutron.conf 

  service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin

3. specify NGFW fwaas_driver and edit related key items in /etc/neutron/fwaas_driver.ini to match your environment 

 [fwaas]                                                                        
 driver = neutron_fwaas.services.firewall.drivers.mcafee.ngfw_fwaas.NgfwFwaasDriver
 enabled = True                                                                 
                                                                            
 [ngfw]                                                                          
 # URL of SMC server                                                            
 smc_url = http://10.20.5.54:8082                                              
 # verion of API                                                                
 smc_api_version=5.7                                                           
 # authenticate key for API call                                                
 smc_api_auth_key = "vGEv9qAoYCbTwhonV8Bi0002"
Retrieved from "https://wiki.openstack.org/w/index.php?title=Mcafee_NGFW_Firewall_driver&oldid=73218"