
create default acl for remote access gw

abhishek9686 před 11 měsíci
rodič
revize
7d80274ff8
2 změnil soubory, kde provedl 28 přidání a 1 odebrání
  1. 27 0
      logic/acls.go
  2. 1 1
      migrate/migrate.go

+ 27 - 0
logic/acls.go

@@ -69,6 +69,33 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 		InsertAcl(defaultUserAcl)
 	}
 
+	if !IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, "all-remote-access-gws"))) {
+		defaultUserAcl := models.Acl{
+			ID:        models.AclID(fmt.Sprintf("%s.%s", netID, "all-remote-access-gws")),
+			Default:   true,
+			Name:      "all-remote-access-gws",
+			NetworkID: netID,
+			RuleType:  models.DevicePolicy,
+			Src: []models.AclPolicyTag{
+				{
+					ID:    models.DeviceAclID,
+					Value: fmt.Sprintf("%s.%s", netID, "remote-access-gws"),
+				},
+			},
+			Dst: []models.AclPolicyTag{
+				{
+					ID:    models.DeviceAclID,
+					Value: "*",
+				},
+			},
+			AllowedDirection: models.TrafficDirectionUni,
+			Enabled:          true,
+			CreatedBy:        "auto",
+			CreatedAt:        time.Now().UTC(),
+		}
+		InsertAcl(defaultUserAcl)
+	}
+
 }
 
 // DeleteDefaultNetworkPolicies - deletes all default network acl policies
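Review bot: The added policy is inserted with `Enabled: true` and a destination of `Value: "*"`, so every network that passes through CreateDefaultAclNetworkPolicies gains an active allow rule from the `remote-access-gws` source to all devices without any operator action, and nothing in the hunk records that intent. I would put a comment above the new `if`, for example `// Default policy: devices tagged <netID>.remote-access-gws may reach every device ("*"); narrow Dst or disable it to restrict remote-access traffic.`, and consider logging the creation so it is visible when auditing upgraded deployments. The local is still named `defaultUserAcl` although `RuleType` is `models.DevicePolicy`; a name such as `remoteAccessGwAcl` would avoid confusion with the user policy above, and the ID built twice with `fmt.Sprintf` could be computed once. The result of `InsertAcl` is discarded here, as in the context line above; if it returns an error, a failed insert goes unnoticed. The function starts outside the hunk.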

+ 1 - 1
migrate/migrate.go

@@ -335,7 +335,6 @@ func syncUsers() {
 		if err == nil {
 			for _, netI := range networks {
 				logic.CreateDefaultNetworkRolesAndGroups(models.NetworkID(netI.NetID))
-				logic.CreateDefaultAclNetworkPolicies(models.NetworkID(netI.NetID))
 				networkNodes := logic.GetNetworkNodesMemory(nodes, netI.NetID)
 				for _, networkNodeI := range networkNodes {
 					if networkNodeI.IsIngressGateway {
@@ -442,5 +441,6 @@ func createDefaultTags() {
 	}
 	for _, network := range networks {
 		logic.CreateDefaultTags(models.NetworkID(network.NetID))
+		logic.CreateDefaultAclNetworkPolicies(models.NetworkID(network.NetID))
 	}
 }
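Review bot: The call added in createDefaultTags runs right after `logic.CreateDefaultTags`, whose outcome is not checked, so the new policy that appears to reference the `remote-access-gws` tag may be inserted even when that tag was not created. If CreateDefaultTags can fail, that should be handled or logged before the policies are created for the network. The function name no longer covers what it does; a comment on the added line such as `// default ACL policies reference the default tags, so they are created after them` would record why the call moved here from syncUsers. The start of createDefaultTags is outside the hunk.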