Like LBaaS, FWaaS requires a specific workflow to properly implement firewall policies. First, firewall rules are created and inserted into policies. Then, a firewall is created and associated with a firewall policy. Once a firewall policy has been applied, the rules are immediately put in place on all routers that exist within the tenant. In Havana, a hard-set quota exists that allows only one active firewall policy per tenant.

Firewall policies can be shared amongst tenants, which means that whenever a policy is updated, it results in the immediate updating of any firewall that is associated with the policy. The FWaaS API is considered experimental in Havana and Icehouse, and it may exhibit unexpected behavior. Therefore, it ...