nanog mailing list archives
Ingress filtering from an external cloud service to the internal network
From: "Torres, Matt" <matt.torres () state or us>
Date: Thu, 4 May 2017 12:46:42 +0000
NANOG,

We have a hybrid cloud model that includes an external cloud service that needs to reach back into our internal network. The application documentation states that this connection cannot go through a proxy server. I am not in a position to redesign this solution or change the parameters.

My question to NANOG is how to manage (filter/secure) the ingress traffic from the external cloud service. Past network guy managed inbound firewall rules based on the cloud provider's source IP address, but this wasn't sustainable and led to multiple outages as the external (source) IP has changed from time to time. I can define the destination ports well enough, but not the source IP addresses.

Any ideas on how I can filter this type of inbound traffic from an internet-based service?

Thanks
Matt