NSX distributed firewall rules can apply to services or protocols. Abiquo 4.7.0 introduces support for Application Services.
NSX provides an extensive list of protocols and the administrator can configure them for use in the platform and Abiquo will display them as protocols in the firewall rules.
To configure the ALG feature:
To allow additional Applications (that are not listed here in the default value of the property), add them to the list delimited by hash '#' characters in the abiquo.properties file on the Remote Services server:
# Allowed firewall protocols to use services applications (aka ALG (Application Level Gateway)) # Collections separated using # delimiter abiquo.nsx.firewall.applicationprotocols = FTP#SMB#ORACLE_TNS#MS_RPC_TCP#SUN_RPC_TCP
In Abiquo 4.7.x, specify the protocol mappings in the UI. To do this, edit the client-config-custom.json (for more information, see Configure Abiquo UI).
Always set a "port" value of "0" for application services. Any other value will cause a validation error in the plugin
For example, for the default Applications:"config.protocols" : [ {"value":"NSX - FTP", "protocol":"FTP", "port":0 }, {"value":"NSX - SMB", "protocol":"SMB", "port":0 }, {"value":"NSX - ORACLE_TNS", "protocol":"ORACLE_TNS", "port":0 }, {"value":"NSX - MS_RPC_TCP", "protocol":"MS_RPC_TCP", "port":0 }, {"value":"NSX - SUN_RPC_TCP", "protocol":"SUN_RPC_TCP", "port":0 }, {"value":"Own TCP rule", ....When users create a firewall rule, they can now select the service.
Users can set a "Port range" value of "0" only for application services. Any other value will cause a validation error in the plugin
Listing application protocols
To obtain a full list of application protocols, send the following request to the NSX:
curl -k -v -uadmin:password -XGET "https://myNsx.example.com/api/2.0/services/application/scope/globalroot-0"
This request returns an XML file and you can use the names of the applications to configure the applications in the platform.