[194499] in North American Network Operators' Group

Ingress filtering from an external cloud service to the internal

daemon@ATHENA.MIT.EDU (Torres, Matt)
Thu May 4 10:11:24 2017

X-Original-To: nanog@nanog.org
From: "Torres, Matt" <matt.torres@state.or.us>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 4 May 2017 12:46:42 +0000
Errors-To: nanog-bounces@nanog.org

NANOG,

We have a hybrid cloud model that includes an external cloud service that
needs to reach back into our internal network. The application
documentation states that this connection cannot go through a proxy
server. I am not in a position to redesign this solution or change the
parameters. My question to NANOG is how to manage (filter/secure) the
ingress traffic from the external cloud service. Past network guy managed
inbound firewall rules based on the cloud provider's source IP address,
but this wasn't sustainable and led to multiple outages as the external
(source) IP has changed from time to time. I can define the destination
ports well enough, but not the source IP addresses.

Any ideas on how I can filter this type of inbound traffic from an
internet-based service?

Thanks
Matt
