Configuring Firewall Rules in GCP

Overview

Google Cloud Platform (GCP) firewall rules let you allow or deny traffic to and from your virtual machine (VM) instances based on a configuration you specify. By creating a firewall rule, you specify a Virtual Private Cloud (VPC) network and a set of components that define what the rule does. For more information refer to GCP Firewall Rules.

Firewall rules need to be configured to allow ingress and egress traffic for the Avi Controller, service engines (SE), and the application servers.

Note: By default egress is allowed in GCP for all protocols and ports, but if egress is denied by some firewall rules, then the specific destination protocol and port have to be allowed. Skip the egress rule configuration if egress traffic is allowed.

Configuring firewall rules allows the following communication:

Network services used by the Controller
Virtual service traffic on service engines

Using the steps below, create the following firewall rules.

Note: Make a note of the Target tags which will be created below, since the target tags will be applied on the Avi Controller and the Service Engine virtual machines.

Management Traffic

For the list of protocols and ports required for ingress and egress management traffic, refer to the Protocol Ports Used by Avi Vantage for Management Communication.

Controller Firewall Rules

Configuring Controller Ingress Rules

To configure a firewall rule to allow ingress traffic for the Avi Controller,

From the GCP console, navigate to VPC network > Firewall rules.
In the Create a firewall rule screen, select Ingress as the Direction of traffic and Allow as the Action on match, as shown below:
Select Specified target tags to apply the firewall rules only to the selected instances within the virtual network.
Select the option Specified protocol and ports and enter the tcp, udp ports to which the firewall rules are applicable.

Firewall rule to allow ingress traffic for the Controller is now configured.

Configuring Controller Egress Rules

Egress rules are configured to allow traffic from the Controller for network services and SE communication.

To configure firewall rules to allow outgoing traffic from a Controller,

In the Create a firewall rule screen, select Egress as the Direction of traffic and Allow as the Action on match, as shown below:
Select the option Specified protocol and ports.
Refer to the Protocol Ports article to identify the ports to which the Controller sends traffic as a part of the network operation.
Add the ports as shown in the image below:

This rule is required to allow Ingress traffic from one SE to another SE. The following protocols and ports are required for SE-SE management traffic

To allow ingress traffic for SE to SE management traffic,

Select the option Specified protocol and ports.