Part 5: VMware NSX-T Distributed Firewall Configuration



Create Segment Groups

First, create segment groups for all web and app VMs. The firewall policies will be applied according to these groups.

Click Inventory – Groups – Add.

Provide a name, then click Set Members.

Click Add Criteria: VM – Name – Contains – web. If needed, other criteria can be added by clicking the + sign.

Criteria can be created based on tags as well. Review and click Finish.

Once done, click Save.

Click View Members.

All the web servers are listed automatically.

The IPs are listed below.

The segment ports for those VMs are listed below.

Similarly, create a group for the app VMs and verify it as shown below.

All groups are shown below.


Create Distributed firewall rules

Click Security – Distributed Firewall – Category Specific – Application – Add Policy.


Provide a name, select the policy and click Add Rule.

Provide the rule name, source, destination and services.

Select all details and the action (drop or allow) as needed. In my case, web-to-web traffic is blocked.

Similarly, create all the necessary rules: web to app allowed only for specific services, everything else blocked. Click Publish at the end.
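As an added example (not part of the original post and not VMware tooling), the following Python model reproduces the groups and rules above offline so the expected verdicts can be checked before clicking Publish. The VM names, the rule names, port 8443 as the allowed web-to-app service and the top-down first-match evaluation are assumptions of the model.

```python
# Offline model of the groups and DFW rules built above (added example).
# VM names, rule names and the app port 8443 are constructed assumptions.
from dataclasses import dataclass

VMS = ["web-01", "web-02", "app-01", "app-02", "db-webhook-01"]  # constructed inventory
# Group criteria as configured in the UI: VM Name contains <value>
GROUPS = {"web-group": "web", "app-group": "app"}

def members(group):
    """Resolve dynamic membership the way a 'Name contains' criterion does."""
    return {vm for vm in VMS if GROUPS[group] in vm}

@dataclass
class Rule:
    name: str
    src: str       # group name or "ANY"
    dst: str       # group name or "ANY"
    port: object   # int or "ANY"
    action: str    # ALLOW, DROP or REJECT

# Modelled as evaluated top-down; the first matching rule decides the flow.
POLICY = [
    Rule("web-to-web-block", "web-group", "web-group", "ANY", "DROP"),
    Rule("web-to-app-allow", "web-group", "app-group", 8443, "ALLOW"),
    Rule("web-to-app-block", "web-group", "app-group", "ANY", "DROP"),
]

def in_group(vm, group):
    return group == "ANY" or vm in members(group)

def evaluate(src_vm, dst_vm, port):
    """Return (action, rule name), or ("DEFAULT", None) when no rule matches."""
    for r in POLICY:
        if in_group(src_vm, r.src) and in_group(dst_vm, r.dst) and r.port in ("ANY", port):
            return r.action, r.name
    return "DEFAULT", None

def unintended_members(group, expected_prefix):
    """Flag VMs matched by substring that do not follow the naming convention."""
    return sorted(vm for vm in members(group) if not vm.startswith(expected_prefix))

if __name__ == "__main__":
    for flow in [("web-01", "web-02", 80), ("web-01", "app-01", 8443), ("web-01", "app-01", 22)]:
        print(flow, evaluate(*flow))
    print("check web-group:", unintended_members("web-group", "web-"))
```

In this constructed inventory, db-webhook-01 lands in web-group because its name contains "web", which is the kind of membership worth confirming under View Members before publishing.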

Test Distributed firewall

Once the rule is applied, the traffic is blocked instantly, as shown below.

Allow, drop and reject are the available actions.

We can enable or disable a specific rule as shown below.

Click Logging Settings as shown below.

The next post will cover the north-south firewall rules.

Siva Sankar

Siva Sankar works as a Solution Architect in Abu Dhabi with a primary focus on SDDC, Automation, Network Virtualization, Digital Workspace, VDI, HCI and Virtualization products from VMware, Citrix and Microsoft.

One thought on “Part 5: VMWare NSX-T Distributed firewall configuration

  • July 23, 2022 at 4:47 pm

    In line with PCI DSS requirement, a firewall rule review needs to be conducted every half year. Can you please help me with best practices for DFW – firewall rule review process?

