CloudPlatform 4.x


Replacing Virtual Router with custom virtual appliance template


Replacing Virtual Router with custom virtual appliance template

Is it possible to create a network offering, which would use a custom virtual appliance instead of the default Debian template for the virtual router?

I'd like to provide a premium network offering, with a commercial security gateway/UTM virtual appliance as network provider. Ie the FortiGate UTM provides VPN, NAT, DNS, DHCP, routing and other network features similar to Virtual Router, but also offers security features like anitispam, virus scanning, deep packet inspection, IPS etc.

I can create a network like this
Internet -> ACS VR-> Fortigate TM VM -> other VM
But not sure how can force all the traffic from the VMs to go via the FortiGate. So having the UTM as a custom network provider would ensure it?

The environment is XenServer 6.2 and CP 4.2.1 and Advanced Networking


Michal Rodzos MEMBERS 30 November 2013 - 12:09 PM
1 comment

Please sign in to leave a comment.


Previous 1 comment


Replacing Virtual Router with custom virtual appliance template

Don't know if this is still an open question, but here are my thoughts...


I don't believe that the Fortigate family has been integrated with CCP/ACS, but you could use "Shared/DirectAccess" networks to do most of this. The "Shared/DirectAccess" network, can be scoped to a single account for isolation. In this configuration, the VR will continue to do DHCP/DNS (the VR's DNS can forward to the Fortigate) and the Fortigate will act as the default gateway for the guest connected to the network.


You will lose the ability to configure LBs/Firewall Rules/StaticNats from within CCP, so this may not be an option for you.

Michael Little MEMBERS 01 April 2014 - 21:11 PM
Comment actions Permalink

Top Contributors