Test Case No | Test cases Name | Steps | Expected Result | Priority | Test Case Type | XEN | KVM | VMware |
| Virtual Router Scenario |
|
|
|
|
|
|
|
Egress FR - 1 | By-default the communication from guest n/w to public n/w is blocked | 1. login to Guest VM 2. Ping public network | 2. Public network should be blocked | P1 | Functional | Pass |
| |
Egress FR -2 | Allow Communication using Egress rule with CIDR + Port Range + Protocol | 1. Create Egress rule with Specific CIDR +Port Range +Protocol 2. Login to Guest VM 3. Try to connect the public network with specified CIDR, on Specified Port and with Specified protcol | 1. Rule is created without any erros 3. Connection should be established successfully | P1 | Functional | Pass |
|
|
Egress FR -3 | Communication blocked with network that is other than specified | 1. Create Egress rule with Specific CIDR +Port Range +Protocol 2. Login to Guest VM 3. Try to connect the public network with other than specified CIDR 4. Try to connect to the Port other than specified 5. Try to connect to the Protocol other than specified. | 3. Connection Fail 4. Connection Fail 5. Connection Fail | P1 | Functional | Pass |
| |
Egress FR -4 | Create Egress rule and check the Firewall_Rules DB table | 1. Create a Egress rule with Specific CIDR + Port Range + Protocol 2. Login to cloud DB 3. check the table Firewall_Rules | 3. For the Rule, purpose should be shown as "Firewall" and Traffic_type should be set to "Egress" | P1 | Functional | Pass |
|
|
Egress FR -5 | Create Egress rule and check the IP tables | 1. Create a Egress rule with Specific CIDR + Port Range + Protocol 2. Login to VR 3. Check the ip tables | 3. ip tables should list the rule created as follows -A FW_OUTBOUND -j FW_EGRESS_RULES -A FW_EGRESS_RULES -m state --state RELATED,ESTABLISHED -j ACCEPT -A FW_EGRESS_RULES -d 10.147.28.0/24 -p tcp -m tcp --dport 22 -j ACCEPT -A FW_EGRESS_RULES -j DROP | P1 | Functional | Pass |
|
|
Egress FR -6 | Create Egress rule without CIDR | 1. Create a Egress rule with Empty CIDR value + valid Port Range + valid Protocol 2. Check the Communication with different IPs , with Port within the specified Port Range and with specified Protocol | 1. If CIDR is not specified the it should be defaulted to 0.0.0.0/0 2. Connection should be established successfully | P1 | Functional | Pass |
|
|
Egress FR -7 | Create Egress rule without End Port | 1. Create a Egress rule without end Port 2. With Valid CIDR value + valid Start Port + valid Protocol 3. Try to establish communication with Public network on Specified start port | 2. Start port and end port should be the Same in this case 3. Connection should be established successfully | P1 | Functional | Pass |
|
|
Egress FR -8 | Port Forwarding and Egress Conflict | 1. Create a PF rule that allows Port 22 on acquired public IP 2. Add Egress rule that allows communication from Guest nw to a Particular CIDR 3. Now try to connect from Ips other than specified in CIDR to the public IP specified in PF rule | 3. Connection to Public IP specified in PF rule should be successful and Egress should not impact it | P1 | Functional | Pass |
|
|
Egress FR -9 | Delete Egress rule | 1. Lets assume there is only One Egress rule. Now, Delete that Egress rule 2. Check that the communication is allowed from Guest network to ANY Public IP | 2. Connection with any Public IP should be established successfully | P1 | Functional | Pass |
| |
Egress FR-10 | Invalid CIDR and Invalid Port ranges | 1. Create a Egress rule with Invlaid CIDR value + Invalid Port Range | 1. Error should be thrown on UI | P1 | Functional | Pass |
|
|
Egress FR-11 | Regression on Firewall + PF + LB + SNAT | 1. Create Firewall Rule 2. Create PF rule 3. Create SNAT rule 4. Create LB rule | 1,2,3,4 : All functionalities should work fine | P1 | Functional | Pass |
|
|
Egress FR-12 | Reboot Router | 1. Create a Egress rule with Specific CIDR + Port Range + Protocol 2. Reboot VR 3. Login to Guest VM 4. Try to connect the public network with specified CIDR, on Specified Port and with Specified protcol | 1. Rule is created without any erros 2. After reboot all rules should be present 3. Connection should be established successfully | P1 | Functional | Pass | ||
| ||||||||
Egress FR-13 | Redundant Router : Master failover | 1. Create a Egress rule with Specific CIDR + Port Range + Protocol 2. Stop Master router 3. Login to Guest VM 4. Try to connect the public network with specified CIDR, on Specified Port and with Specified protcol | 1. Rule is created without any erros 2. After Stopping master, Slave should become master and all rules should be configured on it 3. Connection should be established successfully | P1 | Functional | Pass |
|
|
|
|
|
|
|
|
|
|
|
| JUNIPER SRX Scenario |
|
|
|
|
|
|
|
Egress FR-14 | By Default, check that the communication from Guest NW (trust) to Public NW (Untrust) is blocked | 1. Login to Guest VM 2. Try to connect to public network | 2. Public NW is unreachable | P1 | Functional | Pass | Pass | Pass |
Egress FR-15 | Allow Communication using Egress rule with CIDR + Port Range + Protocol | 1. Create a Egress rule with Specific CIDR + Port Range + Protocol 2. Login to Guest VM 3. Try to connect the public network with specified CIDR, on Specified Port and with Specified protcol | 1. Rule is created without any erros 3. Connection should be established successfully | P1 | Functional | Pass | Pass | Pass |
Egress FR-16 | Communication blocked with network that is other than specified | 1. Create a Egress rule with Specific CIDR + Port Range + Protocol 2. Login to Guest VM 3. Try to connect the public network with other than specified CIDR 4. Try to connect to the Port other than specified 5. Try to connect to the Protocol other than specified. | 3. Connection Fail 4. Connection Fail 5. Connection Fail | P1 | Functional | Pass | Pass | Pass |
Egress FR-17 | Create Egress rule and check the rules configured on SRX device | 1. Create a Egress rule with Specific CIDR + Port Range + Protocol 2. Login to SRX device 3. Check the Policies | 3. Policy should be created as follows on SRX device and it should contain specified CIDR, PORT range and Protocol | P1 | Functional | Pass | Pass | Pass |
Egress FR-18 | Create a Egress rule without specifying CIDR | 1. Create a Egress rule with Empty CIDR value + valid Port Range + valid Protocol and check the policy that gets created on SRX 2. Check the Communication with different IPs , with Port within the specified Port Range and with specified Protocol | 1. If CIDR is not specified the it should be defaulted to 0.0.0.0/0 and Policy on SRX should list Destination address as ANY 2. Connection should be established successfully | P1 | Functional | Pass | Pass | Pass |
Egress FR-19 | Create Egress rule without End Port | 1. Create a Egress rule without end Port 2. With Valid CIDR value + valid Start Port + valid Protocol and check SRX policies 3. Try to establish communication with Public network on Specified start port | 2. On SRX device, application should show Start port = End port 3. Connection should be established successfully | P1 | Functional | Pass | Pass | Pass |
Egress FR-20 | Regression on Firewall + PF + LB + SNAT | 1. Create Firewall Rule 2. Create PF rule 3. Create SNAT rule 4. Create LB rule | 1,2,3,4 : All functionalities should work fine | P1 | Functional | Pass | Pass | Pass |
Egress FR-21 | create egress rule port 22 from guest network to any destination | 1. create egress rule for network with port 22 to any destination | 1. tcp 22 traffic allowed form guest network to any destination2. other traffic such as ping are blocked | P1 | Functional | Pass | Pass | Pass |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|