GBP default security group not updated on a PRS update
Bug #1489665 reported by
ransari
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Group Based Policy |
Opinion
|
Undecided
|
Unassigned | ||
Bug Description
1. An rpm upgrade was done to include the fix for : https:/
2. PRS associated with a PTG, created prior to the upgrade, was edited to add a new rule.
3. A member was launched in the PTG , SG associated with PRS had the correct rules. However,
default security group still had old egress rules enabling all IPV4 traffic to the external world.
Revision history for this message
| Sumit Naiksatam (snaiksat) wrote | #1 |
| Changed in group-based-policy: | |
| status: | New → Opinion |
| description: | updated |
To post a comment you must log in.
The default SG is computed when the PTG is created and is associated with the PTG, not with the PRS. Hence updating the PRS is not going to result in updating the default SG for a particular PTG.
In such cases, it is suggested that the relevant default SG(s) is/are directly updated from UI/CLI/API. To allow link local network access use:
cidr='169.
ethertype=ipv4
direction='egress'