Test Case No | Test Case Name | Steps | Expected Result | Priority | Test Case Type | XEN | KVM | VMware |
| Virtual Router Scenario |
Egress FR-1 | By default, communication from the guest network to the public network is NOT allowed | 1. Log in to Guest VM | 2. Public network should NOT be reachable | P1 | Functional |
Egress FR-2 | Allow Communication using Egress rule with | 1. Create Egress rule with Specific CIDR + Port Range + Protocol | 1. Rule is created without any errors | P1 | Functional |
Egress FR-3 | Communication blocked with network that is other than specified | 1. Create Egress rule with Specific CIDR + Port Range + Protocol | 3. Connection fails | P1 | Functional |
Egress FR-4 | Create Egress rule and check the Firewall_Rules DB table | 1. Create an Egress rule with Specific CIDR + Port Range + Protocol | 3. For the rule, purpose should be shown as "Firewall" and Traffic_type should be set to "Egress" | P1 | Functional |
Egress FR-5 | Create Egress rule and check iptables | 1. Create an Egress rule with Specific CIDR + Port Range + Protocol | 3. iptables should list the rule created as follows | P1 | Functional |
Egress FR-6 | Create Egress rule without CIDR | 1. Create an Egress rule with Empty CIDR value + valid Port Range + valid Protocol | 1. If CIDR is not specified then it should be defaulted to 0.0.0.0/0 | P1 | Functional |
Egress FR-7 | Create Egress rule without End Port | 1. Create an Egress rule without end port | 2. Start port and end port should be the same in this case | P1 | Functional |
Egress FR-8 | Port Forwarding and Egress Conflict | 1. Create a PF rule that allows Port 22 on acquired public IP | 3. Connection to Public IP specified in PF rule should be successful and Egress should not impact it | P1 | Functional |
Egress FR-9 | Delete Egress rule | 1. Let's assume there is only one Egress rule. Now delete that Egress rule | 2. Connection with any Public IP should be BLOCKED | P1 | Functional |
Egress FR-10 | Invalid CIDR and Invalid Port ranges | 1. Create an Egress rule with Invalid CIDR value + Invalid Port Range | 1. Error should be thrown on UI | P1 | Functional |
Egress FR-11 | Regression on Firewall + PF + LB + SNAT | 1. Create Firewall Rule | 1, 2, 3, 4: All functionalities should work fine | P1 | Functional |
Egress FR-12 | Reboot Router | 1. Create an Egress rule with Specific CIDR + Port Range + Protocol | 1. Rule is created without any errors | P1 | Functional |
Egress FR-13 | Redundant Router: Master failover | 1. Create an Egress rule with Specific CIDR + Port Range + Protocol | 1. Rule is created without any errors | P1 | Functional |
| JUNIPER SRX Scenario |
Egress FR-14 | By Default, check that the communication from Guest NW (trust) to Public NW (Untrust) is NOT permitted | 1. Login to Guest VM | 2. Public NW should NOT be reachable | P1 | Functional | CLOUDSTACK-2220 |
Egress FR-15 | Allow Communication using Egress rule with CIDR + Port Range + Protocol | 1. Create an Egress rule with Specific CIDR + Port Range + Protocol | 1. Rule is created without any errors | P1 | Functional |
Egress FR-16 | Communication blocked with network that is other than specified | 1. Create an Egress rule with Specific CIDR + Port Range + Protocol | 3. Connection fails | P1 | Functional |
Egress FR-17 | Create Egress rule and check the rules configured on SRX device | 1. Create an Egress rule with Specific CIDR + Port Range + Protocol | 3. Policy should be created as follows on SRX device and it should contain specified CIDR, Port Range and Protocol | P1 | Functional |
Egress FR-18 | Create an Egress rule without specifying CIDR | 1. Create an Egress rule with Empty CIDR value + valid Port Range + valid Protocol and check the policy that gets created on SRX | 1. If CIDR is not specified then it should be defaulted to 0.0.0.0/0 and Policy on SRX should list Destination address as ANY | P1 | Functional |
Egress FR-19 | Create Egress rule without End Port | 1. Create an Egress rule without end port | 2. On SRX device, application should show Start port = End port | P1 | Functional |
Egress FR-20 | Regression on Firewall + PF + LB + SNAT | 1. Create Firewall Rule | 1, 2, 3, 4: All functionalities should work fine | P1 | Functional |
Egress FR-21 | Create egress rule for port 22 from guest network to any destination | 1. Create egress rule for network with port 22 to any destination | 1. TCP 22 traffic allowed from guest network to any destination | P1 | Functional |
| Firewall CIDR change after VR reboot |
Egress | Firewall rule with CIDR + Port Range + Protocol | 1. Configure firewall rule with CIDR + Port Range + Protocol 2. Access VM from any client (whose IP address is part of CIDR configured in firewall rule). Should be successful 3. Restart VR and verify that firewall configuration is retained on the VR after restart 4. Repeat step 2 | Configuration on VR should remain the same | P1 | Functional |
Egress FR-23 | Firewall rule without CIDR (with CIDR 0.0.0.0/0) | 1. Acquire another IP address in the network and configure PF with the guest VM 2. Create Firewall rule without CIDR for this new IP address 3. Access VM from any client. Should be successful. 4. Restart router and verify that firewall configuration is retained on the VR after restart 5. Repeat step 2 | Configuration on VR should remain the same | P1 | Functional |
Egress FR-24 | Delete Firewall Rule | 1. Delete one of the firewall rules created in FR-22, FR-23 2. Verify that only one rule is present on VR 3. Restart VR and verify that same configuration is retained on the VR after restart 4. Access VM (access should be allowed as per the existing firewall rule) | Configuration on VR should remain the same | P1 | Functional |
Egress FR-25 | Firewall with CIDR and without end port | 1. Acquire another public IP address and configure PF 2. Create firewall rule on this IP address with CIDR, start port but without end port 3. Access VM from the client which is part of the CIDR. Should be successful 4. Restart VR and verify the configuration on VR after restart 5. Repeat step 3 | Configuration on VR should remain the same | P1 | Functional |
Egress FR-26 | Public client access with VR restart | 1. Configure firewall with CIDR. 2. Send traffic from a public client that is not in the CIDR. 3. The access should fail. 4. Restart the router. 5. After restart, access should still fail (step 3). | Public client access should fail. | P1 | Functional |
Egress FR-27 | VPC (Test ACLs) | Repeat tests FR-22 to FR-25 for Network ACLs in VPC for both ingress and egress traffic. Verify the configuration on VPC VR before and after VR restart and also verify the connectivity to and from guest VMs before and after VR restart. | Configuration on VR should remain the same and connectivity from guest VMs should be retained before and after VR restart. | P1 | Functional |