Test Case No

Test cases Name

Steps

Expected Result

Priority

Test Case Type

XEN

KVM

VMware

 

Virtual Router Scenario

 

 

 

 

 

 

 

Egress FR-1

By default, communication from the guest n/w to the public n/w is NOT allowed

1. Login to Guest VM
2. Ping public network

2. Public network should NOT be reachable

P1

Functional

 

 

 

Egress FR-2

Allow Communication using Egress rule with CIDR + Port Range + Protocol

1. Create Egress rule with Specific CIDR + Port Range + Protocol
2. Login to Guest VM
3. Try to connect to the public network with specified CIDR, on Specified Port and with Specified Protocol

1. Rule is created without any errors
3. Connection should be established successfully

P1

Functional

 

 

 

Egress FR-3

Communication is blocked with networks other than the one specified

1. Create Egress rule with Specific CIDR + Port Range + Protocol
2. Login to Guest VM
3. Try to connect to a public network other than the specified CIDR
4. Try to connect to a Port other than specified
5. Try to connect using a Protocol other than specified

3. Connection Fail
4. Connection Fail
5. Connection Fail

P1

Functional

 

 

 

Egress FR-4

Create Egress rule and check the Firewall_Rules DB table

1. Create an Egress rule with Specific CIDR + Port Range + Protocol
2. Login to cloud DB
3. Check the table Firewall_Rules

3. For the Rule, purpose should be shown as "Firewall" and Traffic_type should be set to "Egress"

P1

Functional

 

 

 

Egress FR-5

Create Egress rule and check iptables

1. Create an Egress rule with Specific CIDR + Port Range + Protocol
2. Login to VR
3. Check iptables

3. iptables should list the created rule as follows

-A FW_OUTBOUND -j FW_EGRESS_RULES

-A FW_EGRESS_RULES -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FW_EGRESS_RULES -d 10.147.28.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A FW_EGRESS_RULES -j DROP

P1

Functional

 

 

 

Egress FR-6

Create Egress rule without CIDR

1. Create an Egress rule with Empty CIDR value + valid Port Range + valid Protocol
2. Check the Communication with different IPs, with Port within the specified Port Range and with specified Protocol

1. If CIDR is not specified then it should be defaulted to 0.0.0.0/0
2. Connection should be established successfully

P1

Functional

 

 

 

Egress FR-7

Create Egress rule without End Port

1. Create an Egress rule without end Port
2. With Valid CIDR value + valid Start Port + valid Protocol
3. Try to establish communication with Public network on Specified start port

2. Start port and end port should be the same in this case
3. Connection should be established successfully

P1

Functional

 

 

 

Egress FR-8

Port Forwarding and Egress Conflict

1. Create a PF rule that allows Port 22 on acquired public IP
2. Add Egress rule that allows communication from Guest n/w to a Particular CIDR
3. Now try to connect from IPs other than specified in CIDR to the public IP specified in PF rule

3. Connection to Public IP specified in PF rule should be successful and Egress should not impact it

P1

Functional

 

 

 

Egress FR-9

Delete Egress rule

1. Let's assume there is only one Egress rule. Now, delete that Egress rule
2. Check that the communication is allowed from Guest network to ANY Public IP

2. Connection with any Public IP should be BLOCKED

P1

Functional

 

 

 

Egress FR-10

Invalid CIDR and Invalid Port ranges

1. Create an Egress rule with Invalid CIDR value + Invalid Port Range

1. Error should be thrown on UI

P1

Functional

 

 

 

Egress FR-11

Regression on Firewall + PF + LB + SNAT

1. Create Firewall Rule
2. Create PF rule
3. Create SNAT rule
4. Create LB rule

1, 2, 3, 4: All functionalities should work fine

P1

Functional

 

 

 

Egress FR-12

Reboot Router

1. Create an Egress rule with Specific CIDR + Port Range + Protocol
2. Reboot VR
3. Login to Guest VM
4. Try to connect to the public network with specified CIDR, on Specified Port and with Specified Protocol

1. Rule is created without any errors
2. After reboot all rules should be present
3. Connection should be established successfully

P1

Functional

 

 

 

Egress FR-13

Redundant Router : Master failover

1. Create an Egress rule with Specific CIDR + Port Range + Protocol
2. Stop Master router
3. Login to Guest VM
4. Try to connect to the public network with specified CIDR, on Specified Port and with Specified Protocol

1. Rule is created without any errors
2. After Stopping master, Slave should become master and all rules should be configured on it
3. Connection should be established successfully

P1

Functional

 

 

 

 

JUNIPER SRX Scenario

 

 

 

 

 

 

 

Egress FR-14

By Default, check that the communication from Guest NW (trust) to Public NW (Untrust) is NOT permitted

1. Login to Guest VM
2. Try to connect to public network

2. Public NW should NOT be reachable

P1

Functional

CLOUDSTACK-2220

 

 

Egress FR-15

Allow Communication using Egress rule with CIDR + Port Range + Protocol

1. Create an Egress rule with Specific CIDR + Port Range + Protocol
2. Login to Guest VM
3. Try to connect to the public network with specified CIDR, on Specified Port and with Specified Protocol

1. Rule is created without any errors
3. Connection should be established successfully

P1

Functional

 

 

 

Egress FR-16

Communication is blocked with networks other than the one specified

1. Create an Egress rule with Specific CIDR + Port Range + Protocol
2. Login to Guest VM
3. Try to connect to a public network other than the specified CIDR
4. Try to connect to a Port other than specified
5. Try to connect using a Protocol other than specified

3. Connection Fail
4. Connection Fail
5. Connection Fail

P1

Functional

 

 

 

Egress FR-17

Create Egress rule and check the rules configured on SRX device

1. Create an Egress rule with Specific CIDR + Port Range + Protocol
2. Login to SRX device
3. Check the Policies

3. Policy should be created as follows on SRX device and it should contain specified CIDR, PORT range and Protocol

P1

Functional

 

 

 

Egress FR-18

Create an Egress rule without specifying CIDR

1. Create an Egress rule with Empty CIDR value + valid Port Range + valid Protocol and check the policy that gets created on SRX
2. Check the Communication with different IPs, with Port within the specified Port Range and with specified Protocol

1. If CIDR is not specified then it should be defaulted to 0.0.0.0/0 and Policy on SRX should list Destination address as ANY
2. Connection should be established successfully

P1

Functional

 

 

 

Egress FR-19

Create Egress rule without End Port

1. Create an Egress rule without end Port
2. With Valid CIDR value + valid Start Port + valid Protocol and check SRX policies
3. Try to establish communication with Public network on Specified start port

2. On SRX device, application should show Start port = End port
3. Connection should be established successfully

P1

Functional

 

 

 

Egress FR-20

Regression on Firewall + PF + LB + SNAT

1. Create Firewall Rule
2. Create PF rule
3. Create SNAT rule
4. Create LB rule

1, 2, 3, 4: All functionalities should work fine

P1

Functional

 

 

 

Egress FR-21

Create egress rule for port 22 from guest network to any destination

1. Create egress rule for network with port 22 to any destination

1. TCP 22 traffic is allowed from guest network to any destination
2. Other traffic, such as ping, is blocked

P1

Functional

 

 

 

Firewall CIDR change after VR reboot

 

 

 

 

 

Egress FR-22

Firewall rule with CIDR + Port Range + Protocol

1. Configure firewall rule with CIDR + Port Range + Protocol

2. Access VM from any client (whose IP address is part of the CIDR configured in the firewall rule). Should be successful

3. Restart VR and verify that firewall configuration is retained on the VR after restart

4. Repeat step 2

Configuration on VR should remain the same

P1

Functional

 

 

 

Egress FR-23

Firewall rule without CIDR (with CIDR 0.0.0.0/0)

1. Acquire another IP address in the network and configure PF with the guest VM

2. Create Firewall rule without CIDR for this new IP address

3. Access VM from any client. Should be successful.

4. Restart router and verify that firewall configuration is retained on the VR after restart

5. Repeat step 2

Configuration on VR should remain the same

P1

Functional

 

 

 

Egress FR-24

Delete Firewall Rule

1. Delete one of the firewall rules created in FR-22, FR-23

2. Verify that only one rule is present on VR

3. Restart VR and verify that same configuration is retained on the VR after restart

4. Access VM (Access should be allowed as per the existing firewall rule)

Configuration on VR should remain the same

P1

Functional

Egress FR-25

Firewall with CIDR and without end port

1. Acquire another public IP address and configure PF

2. Create firewall rule on this IP address with CIDR, start port but without end port

3. Access VM from the client which is part of the CIDR. Should be successful

4. Restart VR and verify the configuration on VR after restart

5. Repeat step 3

Configuration on VR should remain the same

P1

Functional

Egress FR-26

Public client access with VR restart

1. Configure firewall with CIDR.

2. Send the traffic from the public client which is not in the CIDR.

3. The access should fail.

4. Restart the router.

5. After restart also access should fail (step 3).

Public client access should fail.

P1

Functional

Egress FR-27

VPC (Test ACLs)

Repeat Tests FR-22 to FR-25 for Network ACLs in VPC for both ingress and egress traffic.

Verify the configuration on VPC VR before and after VR restart and also verify the connectivity to and from guest VMs before and after VR restart.

Configuration on VR should remain the same and connectivity from guest VMs should remain before and after VR restart.

P1

Functional
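
An added example for Egress FR-5 and FR-12 (not part of the original test plan and not CloudStack code): a shell check that a rule listing from the VR has the chain layout FR-5 expects, which can be run again after the reboot in FR-12. The function name `check_egress_chain` and its argument order are assumptions, and the sample input is constructed from the four rules listed under FR-5.

```shell
#!/bin/sh
# Added example, not CloudStack code. Reads rules in "iptables -S" format on
# stdin and checks the FW_EGRESS_RULES layout that Egress FR-5 expects.
# On the VR: iptables -S | check_egress_chain CIDR PROTO PORT
# PORT is written as iptables prints it ("22", or "START:END" for a range).
# Covers tcp/udp rules in the form shown under FR-5.
check_egress_chain() {
    awk -v cidr="$1" -v proto="$2" -v port="$3" '
    { sub(/[ \t\r]+$/, "") }                      # tolerate trailing blanks
    $1 == "-A" && $2 == "FW_OUTBOUND" && /-j FW_EGRESS_RULES$/ { jump = 1 }
    $1 == "-A" && $2 == "FW_EGRESS_RULES" { rules[++n] = $0 }  # keep order
    END {
        want = "-A FW_EGRESS_RULES -d " cidr " -p " proto " -m " proto
        want = want " --dport " port " -j ACCEPT"
        for (i = 1; i <= n; i++) {
            if (rules[i] == want) found = 1
            # An ACCEPT with no match conditions would defeat the default deny.
            if (rules[i] == "-A FW_EGRESS_RULES -j ACCEPT") wide_open = 1
        }
        if (!jump)
            err = "FW_OUTBOUND does not jump to FW_EGRESS_RULES"
        else if (n < 2 || rules[n] != "-A FW_EGRESS_RULES -j DROP")
            err = "FW_EGRESS_RULES does not end in an unconditional DROP"
        else if (rules[1] !~ /--state RELATED,ESTABLISHED -j ACCEPT$/)
            err = "first rule is not the RELATED,ESTABLISHED accept"
        else if (wide_open)
            err = "chain contains an unconditional ACCEPT"
        else if (!found)
            err = "expected rule not found: " want
        if (err != "") { print "FAIL: " err; exit 1 }
        print "OK: egress chain allows only " cidr " " proto "/" port
    }'
}

# Constructed sample: the four rules listed under FR-5.
SAMPLE_RULES='-A FW_OUTBOUND -j FW_EGRESS_RULES
-A FW_EGRESS_RULES -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FW_EGRESS_RULES -d 10.147.28.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A FW_EGRESS_RULES -j DROP'

printf '%s\n' "$SAMPLE_RULES" | check_egress_chain 10.147.28.0/24 tcp 22
```

The function returns non-zero on the first mismatch, so it can gate an automated run of the test case.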