mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
8f8ad3f38e
This patch adds a network plugin to support Palo Alto Networks firewall (their appliance and their VM series firewall). More information in the FS: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration Features supported are: - List/Add/Delete Palo Alto service provider - List/Add/Delete Palo Alto network service offering - List/Add/Delete Palo Alto network with above service offering - Add instance to the new network (creates the public IP and private gateway/cidr on the PA as well as the source nat rule) - List/Add/Delete Ingress Firewall rule - List/Add/Delete Egress Firewall rule - List/Add/Delete Port Forwarding rule - List/Add/Delete Static Nat rule - Supports Palo Alto Networks 'Log Forwarding' profile globally per device (additional docs to come) - Supports Palo Alto Networks 'Security Profile Groups' functionality globally per device (additional docs to come) Knowns limitations: - Only supports one public IP range in CloudStack. - Currently not verifying SSL certificates when creating a connection between CloudStack and the Palo Alto Networks firewall. - Currently not tracking usage on Public IPs. Signed-off-by: Sheng Yang <sheng.yang@citrix.com>