Create Segment Groups
First, create groups for all web and app VMs; the distributed firewall policies will be applied to these groups rather than to individual VMs, so membership stays correct as VMs are added or removed.
Click Inventory – Groups – Add.
Provide a name and click Set Members.
Click Add Criteria: VM – Name – Contains – web. If needed, further criteria can be added by clicking the + sign.
Criteria can also be based on tags. Review and click Finish.
Once done, click Save.
Click View Members.
All the web servers are listed automatically, because membership is computed from the criteria.
Their IPs are shown below.
The segment ports for those VMs are shown below.
Similarly, create a group for the app VMs and verify it as shown below.
All groups are shown below.
Create Distributed Firewall Rules
Click Security – Distributed Firewall – Category Specific – Application – Add Policy.
Provide a name, select the policy and click Add Rule.
Provide the rule name, source, destination and services.
Fill in all the details and choose the action (Drop or Allow) as needed. In my case web-to-web traffic is blocked.
Similarly create all the necessary rules: web-to-app is allowed only on the specific services required and everything else is blocked. Rules are evaluated top to bottom and the first match wins, so the allow rules for the required services must sit above the block rules. Click Publish at the end.
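The same groups and policy can be created without the UI through the NSX-T Policy API, which is how a practitioner would keep these objects in version control. The following Python is an added example, not code from the original post: it builds the two criteria-based groups and the Application-category policy described above, PATCHes them to NSX Manager, and reads back the computed members of the web group (the API equivalent of View Members). The manager address, credentials, CA bundle, group IDs, rule names and the service path used for web-to-app traffic (/infra/services/HTTP) are assumptions; adjust them to your environment.

```python
"""Added example: NSX-T Policy API equivalent of the UI steps above.

Assumptions (not from the original post): manager hostname, credentials and CA
bundle come from environment variables; group ids, rule names and the service
path used for web-to-app traffic are illustrative.
"""
import base64
import json
import os
import ssl
import urllib.request

POLICY_API = "/policy/api/v1"
DOMAIN = "/infra/domains/default"            # default policy domain in NSX-T
WEB_APP_SERVICE = "/infra/services/HTTP"     # assumed app-tier service; change as needed


def group_path(group_id):
    return f"{DOMAIN}/groups/{group_id}"


def group_payload(name, name_contains, tag=None):
    """Group with a VM criterion 'Name contains <x>', optionally AND a tag
    criterion (tag values are written 'scope|tag'). This mirrors Set Members ->
    Add Criteria in the UI."""
    expression = [{
        "resource_type": "Condition",
        "member_type": "VirtualMachine",
        "key": "Name",
        "operator": "CONTAINS",
        "value": name_contains,
    }]
    if tag is not None:
        expression.append({"resource_type": "ConjunctionOperator",
                           "conjunction_operator": "AND"})
        expression.append({
            "resource_type": "Condition",
            "member_type": "VirtualMachine",
            "key": "Tag",
            "operator": "EQUALS",
            "value": tag,
        })
    return {"display_name": name, "expression": expression}


def rule(name, src, dst, action, services=("ANY",), logged=True):
    """One DFW rule. action is ALLOW, DROP or REJECT; src/dst are group paths."""
    return {
        "resource_type": "Rule",
        "display_name": name,
        "source_groups": list(src),
        "destination_groups": list(dst),
        "services": list(services),
        "action": action,
        "direction": "IN_OUT",
        "scope": ["ANY"],       # apply on all DFW-enabled vNICs
        "logged": logged,       # needed for the dfwpktlogs verification later
    }


def web_app_policy(web_id="web-servers", app_id="app-servers"):
    """Application-category policy: web->app allowed only on WEB_APP_SERVICE,
    everything else between the tiers dropped. Order matters: first match wins,
    so the allow rule must come before the catch-all drops."""
    web, app = [group_path(web_id)], [group_path(app_id)]
    return {
        "display_name": "web-app-policy",
        "category": "Application",
        "rules": [
            rule("web-to-app-allow", web, app, "ALLOW", services=[WEB_APP_SERVICE]),
            rule("web-to-web-drop", web, web, "DROP"),
            rule("web-to-app-drop", web, app, "DROP"),
        ],
    }


def _request(manager, user, password, ca_file, method, path, payload=None):
    """Single authenticated call to NSX Manager; TLS is verified against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(f"https://{manager}{POLICY_API}{path}",
                                 data=data, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, context=ctx) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)


def apply_and_verify(manager, user, password, ca_file):
    """Create both groups and the policy, then list the computed members of the
    web group, which is what View Members shows in the UI."""
    objects = {
        group_path("web-servers"): group_payload("web-servers", "web"),
        group_path("app-servers"): group_payload("app-servers", "app"),
        f"{DOMAIN}/security-policies/web-app-policy": web_app_policy(),
    }
    for path, payload in objects.items():
        status, _ = _request(manager, user, password, ca_file, "PATCH", path, payload)
        print(f"PATCH {path}: HTTP {status}")
    _, members = _request(manager, user, password, ca_file, "GET",
                          f"{group_path('web-servers')}/members/virtual-machines")
    for vm in (members or {}).get("results", []):
        print("web member:", vm.get("display_name"))


if __name__ == "__main__":
    apply_and_verify(os.environ["NSX_MANAGER"], os.environ["NSX_USER"],
                     os.environ["NSX_PASSWORD"], os.environ["NSX_CA_FILE"])
```

Run it with NSX_MANAGER, NSX_USER, NSX_PASSWORD and NSX_CA_FILE set. Because the script uses PATCH against fixed object IDs, re-running it is idempotent: it updates the existing groups and policy rather than creating duplicates, so the same file can be replayed after every change to the rule set.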
Test Distributed Firewall
Once the rule is published the traffic is blocked immediately, as shown below.
Allow, Drop and Reject are the available actions. Drop silently discards the packet, so the client only sees a timeout; Reject sends a TCP RST or ICMP unreachable back, so the client fails immediately. Drop reveals less to a scanner, Reject is friendlier for troubleshooting.
A specific rule can be enabled or disabled as shown below.
Click on the logging settings as shown below. With logging enabled on a rule, every match is written to dfwpktlogs.log on the ESXi host that carries the VM, tagged with the rule ID, which is the quickest way to confirm that the rule you expect is the one actually matching.
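To confirm that the published rules hit the intended traffic, the per-rule logging enabled above can be read back from dfwpktlogs.log on the ESXi host. The following Python is an added example, not from the original post: it parses constructed sample lines in the dfwpktlogs layout (timestamp, filter hash, INET match, action, rule ID, direction, length, protocol, src/port->dst/port, TCP flags), counts hits per rule ID and action, and flags any PASS between two web-tier addresses, which would mean a broader allow rule sits above the web-to-web block. The segment ranges, rule IDs and log lines are assumptions constructed for the example.

```python
"""Added example: check DFW packet logs against the intended web/app policy.

Constructed input: the lines below follow the dfwpktlogs.log layout
(timestamp, filter hash, 'INET match', action, rule id, direction, length,
protocol, src/port->dst/port, TCP flags). Addresses and rule ids are assumed.
"""
import ipaddress
import re
from collections import Counter

WEB_TIER = ipaddress.ip_network("10.1.1.0/24")   # assumed web segment
APP_TIER = ipaddress.ip_network("10.1.2.0/24")   # assumed app segment

# Constructed sample: the last line is a deliberate policy violation (web->web PASS).
SAMPLE_LOG = """\
2024-05-01T10:00:01.101Z 4a32e3b1 INET match DROP 1028 IN 60 TCP 10.1.1.11/51522->10.1.1.12/80 S
2024-05-01T10:00:02.202Z 4a32e3b1 INET match PASS 1027 OUT 60 TCP 10.1.1.11/51523->10.1.2.21/80 S
2024-05-01T10:00:03.303Z 4a32e3b1 INET match DROP 1029 OUT 60 TCP 10.1.1.11/51524->10.1.2.21/22 S
2024-05-01T10:00:04.404Z 9c1d77e2 INET match DROP 1028 IN 84 ICMP 10.1.1.12->10.1.1.11
2024-05-01T10:00:05.505Z 9c1d77e2 INET match PASS 1031 OUT 60 TCP 10.1.1.12/44000->10.1.1.11/443 S
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<filter>\S+) INET match (?P<action>PASS|DROP|REJECT) "
    r"(?P<rule>\S+) (?P<dir>IN|OUT) (?P<len>\d+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:/(?P<sport>\d+))?->(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?"
)


def parse(text):
    """Return one dict per recognisable line; unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["src"] = ipaddress.ip_address(d["src"])
            d["dst"] = ipaddress.ip_address(d["dst"])
            entries.append(d)
    return entries


def hits_by_rule(entries):
    """Counter keyed by (rule id, action): shows which rules actually match."""
    return Counter((e["rule"], e["action"]) for e in entries)


def unexpected_passes(entries):
    """PASS entries with both ends in the web tier. With a web-to-web DROP rule
    published, any such line means an earlier, broader allow rule matched first."""
    return [e for e in entries
            if e["action"] == "PASS"
            and e["src"] in WEB_TIER and e["dst"] in WEB_TIER]


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for (rule_id, action), n in sorted(hits_by_rule(parsed).items()):
        print(f"rule {rule_id}: {action} x{n}")
    for e in unexpected_passes(parsed):
        print(f"UNEXPECTED PASS by rule {e['rule']}: {e['src']} -> {e['dst']}")
```

Point `parse` at the real file (`/var/log/dfwpktlogs.log` on the host) instead of `SAMPLE_LOG` to run it against live data; the rule IDs it reports can be matched against the ID column in the Distributed Firewall view to see exactly which rule took the decision.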
The next post will cover the north-south firewall rules.