After deployment, the default all node policy works correctly: all nodes can communicate with each other properly, and the subnets within each cloud can also communicate with no issues at all.
However, I encountered a problem: after I created the user client, it was automatically added to this default policy. This causes the client to be able to access all IP addresses in the cloud, which is not the access control effect I want.
My expected requirement is:
- All nodes in the cloud can maintain normal mutual communication as before.
- The user client is only allowed to access specific designated addresses via ACL rules.
I have configured some custom ACL rules to achieve this requirement, but after applying the configuration, all the nodes in the cloud can no longer communicate with each other.
Could anyone help me with this configuration problem? Thank you very much for your help!
My current ACL configuration is as shown in the figure below:
(screenshots: egress, acl)
I intended to use the all-cloud rule to let all nodes with netclient deployed communicate with each other, and also permit them to access their respective cloud internal networks.
But once this all-cloud rule is enabled, absolutely no traffic can get through — all connectivity is blocked completely.
Here is my current network topology as follows: