From users-return-27339-apmail-cloudstack-users-archive=cloudstack.apache.org@cloudstack.apache.org  Wed Jan 11 12:22:27 2017
Return-Path: <users-return-27339-apmail-cloudstack-users-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-users-archive@www.apache.org
Delivered-To: apmail-cloudstack-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E3E6919D30
	for <apmail-cloudstack-users-archive@www.apache.org>; Wed, 11 Jan 2017 12:22:27 +0000 (UTC)
Received: (qmail 16594 invoked by uid 500); 11 Jan 2017 12:22:27 -0000
Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org
Received: (qmail 16546 invoked by uid 500); 11 Jan 2017 12:22:27 -0000
Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:users@cloudstack.apache.org>
List-Id: <users.cloudstack.apache.org>
Reply-To: users@cloudstack.apache.org
Delivered-To: mailing list users@cloudstack.apache.org
Received: (qmail 16534 invoked by uid 99); 11 Jan 2017 12:22:26 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Jan 2017 12:22:26 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 3DA8E1803A5
	for <users@cloudstack.apache.org>; Wed, 11 Jan 2017 12:22:26 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.298
X-Spam-Level: *
X-Spam-Status: No, score=1.298 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2,
	RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
	autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (1024-bit key) header.d=edneta.onmicrosoft.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id E0fZK7WTN1lR for <users@cloudstack.apache.org>;
	Wed, 11 Jan 2017 12:22:22 +0000 (UTC)
Received: from mr12.mail.ena.net (mr12.mail.ena.net [96.5.1.12])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 87FE45FB54
	for <users@cloudstack.apache.org>; Wed, 11 Jan 2017 12:22:21 +0000 (UTC)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02lp0022.outbound.protection.outlook.com [216.32.180.22])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mr12.mail.ena.net (Postfix) with ESMTPS id B15FF148011D;
	Wed, 11 Jan 2017 06:22:08 -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=edneta.onmicrosoft.com; s=selector1-ena-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=89yG5mdJeRfflUg6dxr6y3FW8vjDsNJrFAKcQnTccy4=;
 b=P8u2uzkrfr8G/rMQ1z/yi52fdA2Y986mqVvG+SDU6bTqr5ehmCGpyBHfC/wQtAZZ4anL/ZxpdaB2afxvtaqf0OIH2Ed/jUcaWms5VGIwTP0pBk44eriUwf9sJi20rYuAJkHlLz77VqrV0WOlclopTdKEDfc4IEWLRqxaQKSR8VU=
Received: from BY2PR02MB2007.namprd02.prod.outlook.com (10.166.110.7) by
 BY2PR02MB2007.namprd02.prod.outlook.com (10.166.110.7) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.829.7; Wed, 11 Jan 2017 12:22:07 +0000
Received: from BY2PR02MB2007.namprd02.prod.outlook.com ([10.166.110.7]) by
 BY2PR02MB2007.namprd02.prod.outlook.com ([10.166.110.7]) with mapi id
 15.01.0829.017; Wed, 11 Jan 2017 12:22:07 +0000
From: Simon Weller <sweller@ena.com>
To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>
Subject: Re: Firewall and Deep Packet Inspection for Cloudstack
Thread-Topic: Firewall and Deep Packet Inspection for Cloudstack
Thread-Index: AdJr7l6uevnEUAiVQq+pEtuiOQu/zgAFrJIJ
Date: Wed, 11 Jan 2017 12:22:06 +0000
Message-ID: <BY2PR02MB200734BDAC017155E21A89A3A9660@BY2PR02MB2007.namprd02.prod.outlook.com>
References: <78F94182E464C4468479C87CC275FAB1017F2D3C0F@KMail1.kupper-computer.local>
In-Reply-To: <78F94182E464C4468479C87CC275FAB1017F2D3C0F@KMail1.kupper-computer.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=sweller@ena.com; 
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [132.245.243.37]
x-ms-office365-filtering-correlation-id: 7ad99c3e-e60a-4735-3b22-08d43a1c7581
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:BY2PR02MB2007;
x-microsoft-exchange-diagnostics: 1;BY2PR02MB2007;7:SsGyRNgtOdqPdIAyceBNW/xt1j5HTMHwOO8Q2rX+/7tF9o+xE38qAgBCcS3Gt/OTV64K/d6KsQBUVd3adGEpoC1cs16xGzPc0sNiHN37TmgTc7B4B9k5w6fOWM+z57rkwCXOGXePV0jNDUEKkBwVt6gdrKqS2iDrYW5s8GYYeVXCY/j157uWe57LSWyhU9yM+3JyeYvjQ1ZSuUg4Km9VnZH379kkrVJ6sjRhn7/5lKZbu7uKiMbP3Q0ou1CrXZsC4uE0vy+s22oKqTqp/wcZT9TU1jBg5Tpflpijub6yfJ3sKQR3rjteZdiN/LdsJHYq+3RDUWmuYyiEa6FibtOwILijLQsEiujIQHlfDx7vlwkBFveMK2kCSB0Zggut6l5sjoipfeMyIdnWRTZAxPvYiWCJGFhUHrbdXBIyR6tnsEPYiV2jDx8iNKVIXXFfSmvlyEv8lRbCIuMZAGccw4OW+A==
x-microsoft-antispam-prvs: <BY2PR02MB2007CC365A466E300F8DE973A9660@BY2PR02MB2007.namprd02.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(190461294614860)(67729699691378);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6041248)(20161123560025)(20161123558021)(20161123555025)(20161123562025)(20161123564025)(6072148);SRVR:BY2PR02MB2007;BCL:0;PCL:0;RULEID:;SRVR:BY2PR02MB2007;
x-forefront-prvs: 01842C458A
x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(7916002)(39450400003)(39410400002)(39830400002)(189002)(377454003)(199003)(86362001)(110136003)(55016002)(99286003)(7696004)(25786008)(122556002)(66066001)(6436002)(606005)(5640700003)(7736002)(19627405001)(7906003)(6606003)(2351001)(97736004)(3660700001)(189998001)(107886002)(3280700002)(3900700001)(2501003)(6506006)(229853002)(77096006)(68736007)(38730400001)(92566002)(2950100002)(6916009)(106356001)(74316002)(2900100001)(33656002)(105586002)(54356999)(6306002)(54896002)(50986999)(9686003)(6116002)(101416001)(236005)(76176999)(2906002)(102836003)(3846002)(8676002)(81156014)(81166006)(1730700003)(5660300001)(8936002);DIR:OUT;SFP:1101;SCL:1;SRVR:BY2PR02MB2007;H:BY2PR02MB2007.namprd02.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
received-spf: None (protection.outlook.com: ena.com does not designate
 permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative;
	boundary="_000_BY2PR02MB200734BDAC017155E21A89A3A9660BY2PR02MB2007namp_"
MIME-Version: 1.0
X-OriginatorOrg: ena.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jan 2017 12:22:06.8539
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6dc38cd4-4d4f-4826-9649-17854289d170
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR02MB2007
X-ENA-MailScanner-Information: Please contact support@ena.com for more information
X-ENA-MailScanner-ID: B15FF148011D.AE76E
X-ENA-MailScanner: No viruses found
X-ENA-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-5.7,
	required 4, autolearn=not spam, BAYES_00 -3.20, DKIM_SIGNED 0.10,
	DKIM_VALID -0.10, HTML_MESSAGE 1.20, OS_WINDOWS 0.20,
	OS_WINDOWS7 0.10, RCVD_IN_DNSWL_NONE -0.20, RCVD_IN_MSPIKE_H2 -1.20,
	RCVD_IN_SENDERSCORE_90_100 -2.20, SPF_HELO_PASS -0.20,
	SPF_PASS -0.20)
X-ENA-MailScanner-From: sweller@ena.com
X-ENA-MailScanner-Watermark: 1484742129.21912@cglEuasIZ+k+BfeUI+9VKA

--_000_BY2PR02MB200734BDAC017155E21A89A3A9660BY2PR02MB2007namp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Sven,


A Paloalto plugin was added to ACS 4.3 I believe. Here is the detail on it:=
 https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+=
Integration


I'm not sure whether it has been maintained, but it may be a good starting =
point for you in regards to that particular platform.


- Si

________________________________
From: Vogel, Sven <Sven.Vogel@kupper-computer.com>
Sent: Wednesday, January 11, 2017 3:45 AM
To: users@cloudstack.apache.org
Subject: Firewall and Deep Packet Inspection for Cloudstack

Hi,

general question about the users.

How are the most users securing their cloudstack environment?

Use a ids/ips in the front of cloudstack or use intregrated solution like p=
aloalto?

can anybody give me some tips from other enviroments?

Thanks for help and discussion

Sven

--_000_BY2PR02MB200734BDAC017155E21A89A3A9660BY2PR02MB2007namp_--