ce9003f498
The service insertion feature allows us to redirect some of the NSX traffic to an external security vendor like Palo-Alto or checkpoint for advanced inspection. The implementation contains: Enable the flow classifier plugin, and use it to create redirect rules on NSX When the flow classifier plugin is initialized a new security group is created and added to the configured service profile When a vm port with port security is created/updated, it is added to this security group When the admin user create a flow classifier entry, a backed redirect rule will be created. DocImpact: new NSXV Configuration parameters: service_insertion_profile_id = <service profile id, i.e. serviceprofile-1> DocImpact: The flow classifier methods should be added to the policy.json as admin only Change-Id: I67a132d4b35764c6940516a8365a2749d574aad2 |
||
|---|---|---|
| .. | ||
| oslo-config-generator | ||
| policy | ||
| policy.json | ||
| README.txt | ||
To generate the sample vmware-nsx configuration files, run the following command from the top level of the vmware-nsx directory: tox -e genconfig If a 'tox' environment is unavailable, then you can run the following script instead to generate the configuration files: ./tools/generate_config_file_samples.sh