> You probably remember that in DNA4.4.1 I wrote about the following
> firewall-related issue concerning the production infrastructure:
>
>
> The configuration of firewalls of CE and SE services are neither
> unified nor specified in EGEE, resulting unpredictable accessibility
> for users and their jobs. It is a fact that only a subset of SEs can
> be seen and reached from the CEs of the same VO, moreover this
> accessibility matrix changes over time without users getting notified.
> As a consequence, the users’ jobs can very often use EGEE VOs as sets
> of independent clusters, within which a cluster can access only its
> "close SE" and no data transfer is possible from one site to the
> other. As this limitation degrades EGEE VOs to "set of clusters", some
> users decide to return to their local clusters instead. EGEE-III (or
> the VOs?) should develop and force firewall policies to the sites, and
> should develop test suits for users that could use to check the
> accessibility relationships of CEs and SEs.
