diff --git a/vmware_nsx/neutron/plugins/vmware/plugins/nsx_v_md_proxy.py b/vmware_nsx/neutron/plugins/vmware/plugins/nsx_v_md_proxy.py
index 7f031c122e..6c448ba4f8 100644
--- a/vmware_nsx/neutron/plugins/vmware/plugins/nsx_v_md_proxy.py
+++ b/vmware_nsx/neutron/plugins/vmware/plugins/nsx_v_md_proxy.py
@@ -51,6 +51,12 @@ LOG = logging.getLogger(__name__)

 def get_router_fw_rules():
 fw_rules = [
+ {
+ 'name': 'VSERule',
+ 'enabled': True,
+ 'action': 'allow',
+ 'vnicGroupId': ['vse']
+ },
 {
 'name': 'MDServiceIP',
 'enabled': True,
@@ -345,16 +351,23 @@ class NsxVMetadataProxyHandler:
 cfg.CONF.nsxv.nova_metadata_ips,
 proxy_lb=True)

- firewall_rule = {
- 'action': 'allow',
- 'enabled': True,
- 'source_ip_address': [INTERNAL_SUBNET]}
+ firewall_rules = [
+ {
+ 'name': 'VSERule',
+ 'enabled': True,
+ 'action': 'allow',
+ 'vnicGroupId': ['vse']
+ },
+ {
+ 'action': 'allow',
+ 'enabled': True,
+ 'source_ip_address': [INTERNAL_SUBNET]}]

 edge_utils.update_firewall(
 self.nsxv_plugin.nsx_v,
 self.context,
 rtr_id,
- {'firewall_rule_list': [firewall_rule]},
+ {'firewall_rule_list': firewall_rules},
 allow_external=False)

 if cfg.CONF.nsxv.mgt_net_default_gateway:
diff --git a/vmware_nsx/neutron/plugins/vmware/vshield/edge_appliance_driver.py b/vmware_nsx/neutron/plugins/vmware/vshield/edge_appliance_driver.py
index 76b74465e4..1ddc326126 100644
--- a/vmware_nsx/neutron/plugins/vmware/vshield/edge_appliance_driver.py
+++ b/vmware_nsx/neutron/plugins/vmware/vshield/edge_appliance_driver.py
@@ -54,6 +54,10 @@ class EdgeApplianceDriver(object):
 'cliSettings': {
 'remoteAccess': remote_access
 },
+ 'autoConfiguration': {
+ 'enabled': False,
+ 'rulePriority': 'high'
+ },
 'appliances': {
 'applianceSize': appliance_size
 },
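Review bot: The new `VSERule` entry in `get_router_fw_rules()` matches on `'vnicGroupId': ['vse']` alone, with no destination or service constraint, and nothing in the hunk records why an allow that broad is wanted. If `vse` selects traffic originated by the edge itself (my reading, not something the diff shows), a comment such as `# Allow edge-originated traffic explicitly; auto-generated rules are turned off in edge_appliance_driver` would tie the rule to the driver change and tell a later reviewer what it is expected to cover. The same dict literal is repeated in the `NsxVMetadataProxyHandler` hunk of this file, so a single module-level constant would keep the two copies from drifting apart. The `fw_rules` list continues past the end of the hunk.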
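Review bot: In the `firewall_rules` list of the `NsxVMetadataProxyHandler` hunk, the `INTERNAL_SUBNET` allow rule still carries no `'name'`, while the `VSERule` entry added next to it does. An unnamed rule is harder to match against edge firewall logs or against a later audit of what the plugin pushed; adding one, for example `'name': 'MDInternalSubnet'` (a constructed name, use whatever fits the project), would make the two entries consistent. Whether `edge_utils.update_firewall` assigns a default name is not visible here, and the enclosing method starts and ends outside the hunk.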
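Review bot: `'autoConfiguration': {'enabled': False, ...}` is added to the edge definition in `EdgeApplianceDriver` without a comment, and it appears to apply to every edge assembled through this dict, not only the metadata-proxy edges that gain an explicit `VSERule` in the same commit. If auto-configuration is what normally generates the firewall rules an edge needs for its own services (inferred, not shown in the diff), any other caller that builds its rule list without an equivalent entry would change behaviour silently. A comment like `# Auto rule generation is off: callers must push every firewall rule the edge needs` would make that contract visible. It is also unclear from the hunk whether `'rulePriority': 'high'` has any effect while `enabled` is False. The dict and its enclosing method begin and end outside the hunk.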