The service policy defines the traffic redirection rules and policy that point traffic passing between the left and right virtual machines to the VM-Series firewall service instance.
Service Policy (Policy Config)
|policy_name||The name of the service policy in Contrail that redirects traffic through the VM-Series firewall. For the L3 template, the default value is PAN_SVM_policy-L3. For the virtual wire template, the default value is PAN_SVM_policy-vw.|
|policy_fq_name||The fully qualified name of the service policy.|
|simple_action||The default action Contrail applies to traffic going to the VM-Series firewall service instance. The default value is pass because the VM-Series firewall will apply its own security policy to the traffic.|
|protocol||The protocols allowed by Contrail to pass to the VM-Series firewall. The default value is any.|
|src_port_end and src_port_start|
Use this parameter to specify source port(s) that should be associated with the policy rule. You can enter a single port, a list of ports separated with commas, or a range of ports in the form of <port>-<port>.
The default value is -1 in the provided heat templates; meaning any source port.
|direction||This parameter defines the direction of traffic that is allowed by Contrail to pass to the VM-Series firewall. The default value is <> or bidirectional traffic.|
|dst_port_end and dst_port_start|
Use this parameter to specify destination port(s) that should be associated with the policy rule. You can enter a single port, a list of ports separated with commas, or a range of ports in the form of <port>-<port>.
The default value is -1 in the provided heat templates; meaning any destination port.
Service Template The service template defines the parameters of the service instance, such as the software image, virtual machine flavor, service type, and interfaces. Service ...
Service Chaining and Service Scaling
Service Chaining and Service Scaling Service chaining is a Contrail feature that deploys a VM-Series firewall as a service instance in your OpenStack environment. A ...
Alarm The alarm parameters are used in service scaling and are not included in the service chaining environment files. These parameters define the thresholds used ...
Virtual Machine The virtual machine parameters define the left and right Linux servers. The name of the port tuple is defined here and referenced by ...
Components of the VM-Series for OpenStack Solution
Components of the VM-Series for OpenStack Solution The VM-Series firewall in an OpenStack environment has been tested with the following components. Component Description Software Hypervisor: ...
Heat Template for a Basic GatewayDeployment
Heat Template for a Basic Gateway Deployment The heat template file includes the following four files to help you launch the VM-Series firewall on KVM ...
IPAM IP address management (IPAM) provides the IP address information for the interfaces of the service instance. Changes these parameters to best suit your environment. ...
Heat Templates for Service Chaining andService Scaling
Heat Templates for Service Chaining and Service Scaling The heat template environment file defines the parameters specific to the VM-Series firewall instance deployed through service ...
Set Up the VM-Series Firewall on OpenStack
Set Up the VM-Series Firewall on OpenStack The VM-Series firewall for OpenStack allows you to deploy the VM-Series firewall in your OpenStack environment to provide ...