NSX distributed firewall rules can apply to services or protocols. Abiquo 4.7.0 introduces support for Application Services. As well as protocols, Abiquo supports Application Services with Application Level Gateway (ALG) access.
NSX provides an extensive list of protocols. The administrator can configure them for use in the platform, and Abiquo will display them as protocols in the firewall rules.
To configure the ALG feature:
...
Enable the protocols using Abiquo configuration properties
By default the following protocols are enabled: FTP, SMB, ORACLE_TNS, MS_RPC_TCP, SUN_RPC_TCP

    # Allowed firewall protocols to use services applications (aka ALG (Application Level Gateway))
    # Collections separated using # delimiter
    abiquo.nsx.firewall.applicationprotocols = FTP#SMB#ORACLE_TNS#MS_RPC_TCP#SUN_RPC_TCP

To add more protocols, on the Abiquo server edit the abiquo.properties file and add the appropriate protocol names (see Listing application protocols below). In Abiquo 4.7.x, specify the protocol mappings in the UI. To do this, edit the client-config-custom.json (for more information, see Configure Abiquo UI).
...
Always set a "port" value of "0" for application services. Any other value will cause a validation error in the plugin.
For example,
...
to add the default Applications in the UI, add the following lines at the top of configure protocols (above "Own TCP rule"):

    "config.protocols" : [
      {"value":"NSX - FTP", "protocol":"FTP", "port":0 },
      {"value":"NSX - SMB", "protocol":"SMB", "port":0 },
      {"value":"NSX - ORACLE_TNS", "protocol":"ORACLE_TNS", "port":0 },
      {"value":"NSX - MS_RPC_TCP", "protocol":"MS_RPC_TCP", "port":0 },
      {"value":"NSX - SUN_RPC_TCP", "protocol":"SUN_RPC_TCP", "port":0 },
      {"value":"Own TCP rule", ....

When users create a firewall rule, they can now select the service.
...
Users can set a "Port range" value of "0" only for application services. Any other value will cause a validation error in the plugin.
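The following added example (not part of the Abiquo documentation or product) cross-checks the UI protocol mappings against the server property before deployment, so that port errors are caught before the plugin rejects a rule. It assumes "config.protocols" is a top-level key of client-config-custom.json and treats a protocol as an application service only if it is listed in abiquo.nsx.firewall.applicationprotocols. The function names, the sample inputs and the fields of the "Own TCP rule" entry are constructed for illustration.

```python
import json

PROP_KEY = "abiquo.nsx.firewall.applicationprotocols"

def enabled_protocols(properties_text):
    """Parse the '#'-delimited application protocol list from abiquo.properties text."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#"):  # whole-line comment; '#' inside the value is a delimiter
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == PROP_KEY:
            return {p.strip() for p in value.split("#") if p.strip()}
    return set()

def check_ui_protocols(ui_json_text, enabled):
    """Return (label, problem) pairs for entries that break the port rules on this page."""
    problems = []
    for entry in json.loads(ui_json_text).get("config.protocols", []):
        label, proto, port = entry.get("value"), entry.get("protocol"), entry.get("port")
        if proto in enabled and port != 0:
            # Application services must always carry port 0.
            problems.append((label, "application service must use port 0"))
        elif proto not in enabled and port == 0:
            # Port 0 is only valid for application services (assumed: enabled ones).
            problems.append((label, "port 0 but protocol not enabled in abiquo.properties"))
    return problems

# Constructed sample inputs (not taken from a real installation).
SAMPLE_PROPERTIES = """\
# Collections separated using # delimiter
abiquo.nsx.firewall.applicationprotocols = FTP#SMB#ORACLE_TNS#MS_RPC_TCP#SUN_RPC_TCP
"""
SAMPLE_UI_CONFIG = """\
{"config.protocols": [
  {"value": "NSX - FTP",  "protocol": "FTP",  "port": 0},
  {"value": "NSX - SMB",  "protocol": "SMB",  "port": 445},
  {"value": "NSX - TFTP", "protocol": "TFTP", "port": 0},
  {"value": "Own TCP rule", "protocol": "TCP", "port": 80}
]}
"""

if __name__ == "__main__":
    enabled = enabled_protocols(SAMPLE_PROPERTIES)
    for label, problem in check_ui_protocols(SAMPLE_UI_CONFIG, enabled):
        print(f"{label}: {problem}")
```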
...
Screenshot: Edit firewall rules
Listing application protocols
...