Part 5: VMware NSX-T Distributed Firewall configuration


Create Segment Groups

First, create groups for all web and app VMs; the firewall policies will be applied to these groups.

Click on Inventory – Groups – Add.

Provide a name and click Set Members.


Click Add Criteria: VM – Name – Contains – web. If needed, other criteria can be added by clicking the + sign.


Criteria can be created based on tags as well. Review and click Finish.


Once done, click Save.


Click View Members.


All the web servers are listed automatically.


Their IPs are shown below.


The segment ports for those VMs are shown below.


Similarly, create one group for the app VMs as well and verify it as shown below.


All groups are shown below.


Create Distributed Firewall rules

Click on Security – Distributed Firewall – Category Specific – Application – Add Policy.



Provide a name, select the policy and click Add Rule.


Provide the rule name, source, destination and services.


Select all details and the action (drop or allow) as needed. In my case, web-to-web traffic is blocked.


Similarly, create all necessary rules: allow only the specific services needed from web to app and block everything else. Click Publish at the end.
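The same group and rule objects built in the UI above can be created through the NSX-T Policy API. The following is an added example, not code from the post: it builds the request bodies for the two dynamic groups (VM name contains "web" / "app") and an Application-category policy that drops web-to-web, allows only HTTPS from web to app and drops the rest. It assumes the default NSX-T domain and the built-in `/infra/services/HTTPS` service path.

```python
import json

DOMAIN = "/infra/domains/default"      # assumption: objects live in the default NSX-T domain
ACTIONS = {"ALLOW", "DROP", "REJECT"}  # the three rule actions the UI offers

def vm_name_group(group_id, display_name, contains):
    """Dynamic group equal to the UI criteria 'VM - Name - Contains - <text>'.
    Body for PATCH /policy/api/v1/infra/domains/default/groups/<group_id>."""
    return {
        "resource_type": "Group", "id": group_id, "display_name": display_name,
        "expression": [{"resource_type": "Condition", "member_type": "VirtualMachine",
                        "key": "Name", "operator": "CONTAINS", "value": contains}],
    }

def rule(rule_id, src, dst, services, action, logged=True):
    """One DFW rule: groups referenced by Policy path, services by path or 'ANY'."""
    if action not in ACTIONS:
        raise ValueError(f"action must be one of {sorted(ACTIONS)}, got {action!r}")
    return {
        "resource_type": "Rule", "id": rule_id, "display_name": rule_id,
        "source_groups": [f"{DOMAIN}/groups/{g}" for g in src],
        "destination_groups": [f"{DOMAIN}/groups/{g}" for g in dst],
        "services": services,
        "action": action,
        "scope": ["ANY"],   # enforced on every vNIC; narrow to the groups in production
        "logged": logged,   # the per-rule logging toggle shown in the post
    }

def web_app_policy():
    """Application-category policy mirroring the post: drop web-web, allow only HTTPS
    web->app, drop the rest of web->app. Body for
    PATCH /policy/api/v1/infra/domains/default/security-policies/web-app-policy."""
    rules = [
        rule("drop-web-to-web", ["web-vms"], ["web-vms"], ["ANY"], "DROP"),
        rule("allow-web-to-app-https", ["web-vms"], ["app-vms"],
             ["/infra/services/HTTPS"], "ALLOW"),  # assumption: built-in HTTPS service path
        rule("drop-web-to-app-other", ["web-vms"], ["app-vms"], ["ANY"], "DROP"),
    ]
    for seq, r in enumerate(rules, start=1):
        r["sequence_number"] = seq  # rules are evaluated in order; first match wins
    return {"resource_type": "SecurityPolicy", "id": "web-app-policy",
            "display_name": "Web-App policy", "category": "Application", "rules": rules}

if __name__ == "__main__":  # print the three request bodies to send with PATCH
    for body in (vm_name_group("web-vms", "Web VMs", "web"),
                 vm_name_group("app-vms", "App VMs", "app"), web_app_policy()):
        print(json.dumps(body, indent=2))
```

Send each body with an authenticated PATCH to the path named in its docstring; the groups must exist before the policy that references them is published.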

Test the Distributed Firewall

Once the rule is published, the traffic is blocked immediately, as shown below.


Allow, Drop and Reject are the available actions.


We can enable or disable a specific rule as shown below.

Click on the logging settings as shown below.


The next post will cover the north-south firewall rules.

Siva Sankar

Siva Sankar works as a Solution Architect in Abu Dhabi with a primary focus on SDDC, automation, network virtualization, digital workspace, VDI, HCI and virtualization products from VMware, Citrix and Microsoft.
