Jump to: navigation, search

Mcafee NGFW Firewall driver

Overview

Mcafee NGFW Fwaas driver worked with NGFW L3 plugin to provide the firewall as a service function in openstack. It implement the create/delete/update_firewall operations from l3 agents by translate the rules of openstack firewall into the policy of SMC server. Firewall would work once the SMC server get the policy and upload it to sg-engine VM.

NGFW driver.png

Configuration

1. Refer to link for L3 plugin configuration. 

 https://wiki.openstack.org/wiki/Mcafee_NGFW_L3_Plugin

2. make sure fwaas_plugin added into /etc/neutron/neutron.conf 

  service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin

3. specify NGFW fwaas_driver and edit related key items in /etc/neutron/fwaas_driver.ini to match your environment 

 [fwaas]                                                                        
 driver = neutron_fwaas.services.firewall.drivers.mcafee.ngfw_fwaas.NgfwFwaasDriver
 enabled = True                                                                 
                                                                            
 [ngfw]                                                                          
 # URL of SMC server                                                            
 smc_url = http://10.20.5.54:8082                                              
 # verion of API                                                                
 smc_api_version=5.7                                                           
 # authenticate key for API call                                                
 smc_api_auth_key = "vGEv9qAoYCbTwhonV8Bi0002"
Retrieved from "https://wiki.openstack.org/w/index.php?title=Mcafee_NGFW_Firewall_driver&oldid=73218"