Citrix Systems 4.2 Switch User Manual


For more information, see Section 12.10.3, “Assigning VLANs to Isolated Networks”.
Netmask: The netmask for the tier you create.
For example, if the VPC CIDR is 10.0.0.0/16 and the network tier CIDR is 10.0.1.0/24, the
gateway of the tier is 10.0.1.1, and the netmask of the tier is 255.255.255.0.
7. Click OK.
8. Continue with configuring access control list for the tier.
16.27.4. Configuring Network Access Control List
Define a Network Access Control List (ACL) on the VPC virtual router to control incoming (ingress) and
outgoing (egress) traffic between the VPC tiers, and between the tiers and the Internet. By default, all
incoming traffic to the guest networks is blocked and all outgoing traffic from the guest networks is
allowed. Once you add an ACL rule for outgoing traffic, only the outgoing traffic specified in that rule is
allowed and the rest is blocked. To open ports, you must create a new network ACL. Network ACLs can be
created for the tiers only if the NetworkACL service is supported.
16.27.4.1. About Network ACL Lists
In CloudPlatform terminology, a Network ACL is a group of Network ACL items. Network ACL items are
numbered rules that are evaluated in order, starting with the lowest-numbered rule, so the first matching
rule determines whether traffic is allowed in or out of any tier associated with the network ACL. You
add the Network ACL items to the Network ACL, then associate the Network ACL with a tier.
A Network ACL is associated with a VPC and can be assigned to multiple tiers within that VPC. A tier
is associated with a Network ACL at all times, and each tier can be associated with only one ACL.
The default Network ACL is used when no ACL is associated. Its behavior is that all incoming traffic to
the tiers is blocked and all outgoing traffic from the tiers is allowed. The default Network ACL cannot be
removed or modified. The contents of the default Network ACL are:
Rule   Protocol   Traffic type   Action   CIDR
1      All        Ingress        Deny     0.0.0.0/0
2      All        Egress         Allow    0.0.0.0/0
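The evaluation order and default-ACL behaviour described in this section, worked through as an added example. This is not code from the manual or from CloudPlatform itself; it is a small Python model of how the virtual router applies a tier's ACL. The tier rules, addresses and flows are constructed for the illustration, and the rule that a direction with no ACL items keeps the default ACL's behaviour (deny all ingress, allow all egress) while a direction with items denies whatever they do not allow is an assumption modelled on the text above.

```python
# Model of CloudPlatform Network ACL evaluation (added example; see lead-in for assumptions).
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class AclItem:
    """One numbered Network ACL item. The fields mirror the columns of the default ACL
    table in the manual plus an optional port range (assumed for the illustration)."""
    number: int                  # evaluation order, lowest first
    protocol: str                # "tcp", "udp", "icmp" or "all"
    traffic_type: str            # "ingress" or "egress"
    action: str                  # "allow" or "deny"
    cidr: str                    # remote CIDR the rule applies to
    start_port: Optional[int] = None
    end_port: Optional[int] = None

    def matches(self, traffic_type: str, protocol: str, remote_ip: str, port: Optional[int]) -> bool:
        if self.traffic_type != traffic_type:
            return False
        if self.protocol != "all" and self.protocol != protocol:
            return False
        if ip_address(remote_ip) not in ip_network(self.cidr):
            return False
        if self.start_port is not None:
            last = self.end_port if self.end_port is not None else self.start_port
            if port is None or not (self.start_port <= port <= last):
                return False
        return True


# The default Network ACL from the manual's table: deny all ingress, allow all egress.
DEFAULT_ACL = [
    AclItem(1, "all", "ingress", "deny", "0.0.0.0/0"),
    AclItem(2, "all", "egress", "allow", "0.0.0.0/0"),
]


def evaluate(acl, traffic_type, protocol, remote_ip, port=None):
    """Return "allow" or "deny" for one flow. Items for the flow's direction are walked
    lowest number first and the first match wins. Assumption modelled on the text: a
    direction with no items keeps the default ACL's behaviour; a direction that has
    items denies everything those items do not explicitly allow."""
    rules = sorted((r for r in acl if r.traffic_type == traffic_type), key=lambda r: r.number)
    if not rules:
        rules = [r for r in DEFAULT_ACL if r.traffic_type == traffic_type]
    for rule in rules:
        if rule.matches(traffic_type, protocol, remote_ip, port):
            return rule.action
    return "deny"


# Constructed ACL for a hypothetical web tier that talks to a DB tier on 10.0.2.0/24.
WEB_TIER_ACL = [
    AclItem(10, "tcp", "ingress", "allow", "10.0.0.0/16", 22, 22),     # SSH only from inside the VPC
    AclItem(20, "tcp", "ingress", "deny", "0.0.0.0/0", 22, 22),        # ... and from nowhere else
    AclItem(30, "tcp", "ingress", "allow", "0.0.0.0/0", 443, 443),     # HTTPS from the Internet
    AclItem(40, "tcp", "egress", "allow", "10.0.2.0/24", 3306, 3306),  # MySQL to the DB tier only
]

# Same items with the two SSH rules' numbers swapped: the blanket deny now shadows the allow.
MISORDERED_ACL = [replace(r, number={10: 20, 20: 10}.get(r.number, r.number)) for r in WEB_TIER_ACL]


def check_flows(acl):
    """Evaluate a handful of constructed flows; 203.0.113.7 stands in for an Internet host."""
    return {
        "https_from_internet": evaluate(acl, "ingress", "tcp", "203.0.113.7", 443),
        "ssh_from_vpc": evaluate(acl, "ingress", "tcp", "10.0.5.4", 22),
        "ssh_from_internet": evaluate(acl, "ingress", "tcp", "203.0.113.7", 22),
        "mysql_to_db_tier": evaluate(acl, "egress", "tcp", "10.0.2.10", 3306),
        "dns_to_internet": evaluate(acl, "egress", "udp", "8.8.8.8", 53),
    }


if __name__ == "__main__":
    for name, acl in (("default", DEFAULT_ACL), ("web tier", WEB_TIER_ACL), ("misordered", MISORDERED_ACL)):
        print(name, check_flows(acl))
```

Two points the run makes visible: with the default ACL every inbound flow is denied and every outbound flow allowed, but as soon as the web tier ACL carries a single egress item (MySQL to the DB tier) the outbound DNS query is dropped, which is the "only the outgoing traffic specified in this ACL rule is allowed" behaviour described above; and in the misordered list the lower-numbered blanket deny for port 22 is matched before the VPC-internal allow, so rule numbering, not rule intent, decides the outcome.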
16.27.4.2. Creating ACL Lists
1. Log in to the CloudPlatform UI as an administrator or end user.
2. In the left navigation, choose Network.
3. In the Select view, select VPC.
All the VPCs that you have created for the account are listed on the page.
4. Click the Configure button of the VPC.
For each tier, the following options are displayed:
Internal LB
Public LB IP
Static NAT