NSX distributed firewall rules can apply to services or protocols. Abiquo 4.7.0 introduces support for Application Services with Application Level Gateway (ALG) access.
NSX provides an extensive list of protocols. The administrator can configure them for use in the platform, and Abiquo will then display them as protocols in the firewall rules.
To configure the ALG feature:
1. Enable the protocols in Abiquo Configuration Properties.
   - The default value sets the protocols: FTP, SMB, ORACLE_TMS, MS_RPC_TCP, SUN_RPC_TCP.
   - To add more protocols, edit the abiquo.properties file on the Abiquo server and add the appropriate protocol names (see Listing application protocols).
2. In Abiquo 4.7.x, specify the protocol mappings in the UI. To do this, edit the client-config-custom.json file (for more information, see Configure Abiquo UI).
   - Always set a "port" value of "0" for application services. Any other value will cause a validation error in the plugin.
   - For example, for the default Applications, add the following lines at the top of configure protocols (above "Own TCP rule"):
When users create a firewall rule, they can now select the service.
Users can set a "Port range" value of "0" only for application services. Any other value will cause a validation error in the plugin.
Screenshot: Edit firewall rules
Listing application protocols
To obtain a full list of application protocols, send the following request to the NSX:
This request returns an XML file. Use the application names it contains to configure the applications in the platform.