Closed Bug 1222474 Opened 9 years ago Closed 9 years ago

please allow TCP/443 from nagios1.private.releng.scl3.mozilla.com to graphite-scl3.mozilla.org

Categories

(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: arich, Assigned: dcurado)


We're setting up a nagios check that queries graphite data in bug 1220191. Please open a flow from the nagios server (nagios1.private.releng.scl3.mozilla.com) to port 443 of the graphite server (graphite-scl3.mozilla.org).
Here's the config I will put into place on Thursday morning, when the config freeze is lifted.

set security zones security-zone private address-book address graphite-web.private.scl3 10.22.75.17/32
set security policies from-zone dc to-zone private policy graphite-web--https match source-address nagios1.private.releng.scl3
set security policies from-zone dc to-zone private policy graphite-web--https match destination-address graphite-web.private.scl3
set security policies from-zone dc to-zone private policy graphite-web--https match application junos-https
set security policies from-zone dc to-zone private policy graphite-web--https then permit
edit security policies from-zone dc to-zone private
annotate policy graphite-web--https "1222474"
top
Assignee: network-operations → dcurado
Status: NEW → ASSIGNED
OK, this policy has been put into place. Policy: graphite-web--https, action-type: permit, State: enabled, Index: 2531, Scope Policy: 0 Policy Type: Configured Sequence number: 41 From zone: dc, To zone: private Source addresses: nagios1.private.releng.scl3: 10.26.75.30/32 Destination addresses: graphite-web.private.scl3: 10.22.75.17/32 Application: junos-https IP protocol: tcp, ALG: 0, Inactivity timeout: 1800 Source port range: [0-0] Destination port range: [443-443] Per policy TCP Options: SYN check: No, SEQ check: No And here's the diff: dcurado@fw1.ops.scl3.mozilla.net> show configuration | compare rollback 1 [edit security policies from-zone dc to-zone private] policy phx1-zlb--ssh { ... } + /* 1222474 */ + policy graphite-web--https { + match { + source-address nagios1.private.releng.scl3; + destination-address graphite-web.private.scl3; + application junos-https; + } + then { + permit; + } + } [edit security zones security-zone private address-book] address flow1.private.scl3 { ... } + address graphite-web.private.scl3 10.22.75.17/32;
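Review bot: In the [edit security policies from-zone dc to-zone private] hunk, the new policy's "then { permit; }" block carries no log statement, so sessions permitted by graphite-web--https will not produce policy log records. If the neighbouring policies in this zone pair log, consider adding "log session-close" (or "session-init") under "then" so the nagios1 to graphite flow can be audited later. The annotation "/* 1222474 */" is a bare number; a short description next to the bug id would make the rule's purpose readable without a lookup.

Review bot: In the [edit security zones security-zone private address-book] hunk, the added entry "address graphite-web.private.scl3 10.22.75.17/32" is named differently from the host in the request (graphite-scl3.mozilla.org), and nothing in the visible lines ties that hostname to 10.22.75.17. Worth confirming that the requested name resolves to this address from nagios1, and recording that mapping in the bug, so the permit covers the intended destination and nothing else.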
Status: ASSIGNED → UNCONFIRMED
Ever confirmed: false
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard