Tuesday 26 March 2019

NSX-T 2.2 Distributed Firewall (DFW)

The firewall is one of the security features of NSX-T. In NSX-T, the distributed firewall is applied at the vNIC level of the VM. This means it stays applied to the VM regardless of vMotion of the VM.

DFW Components
Note: There is no toggling between stateful and stateless once it is defined.

Firewall Rules are enforced as follows:
  1. Rules are processed in top-to-bottom ordering.
  2. Each packet is checked against the top rule in the rule table before moving down to the subsequent rules in the table.
  3. The first rule in the table that matches the traffic parameters is enforced.
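
The ordering matters in practice: a drop rule placed below a broader allow rule is never reached. The following is an added example, not part of the original post and not NSX-T code. It is a simplified model that matches on source and destination IP only, and the rule names and addresses (10.10.10.0/24 as the web segment) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    source: str       # CIDR; "0.0.0.0/0" means any
    destination: str  # CIDR
    action: str       # "ALLOW" or "DROP"

    def matches(self, src, dst):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.destination))

def evaluate(rules, src, dst):
    """Walk the table top to bottom; the first matching rule is enforced."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action, rule.name
    return "NO_MATCH", None

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the earlier rule fully covers
    the later one, so the later rule can never be the first match."""
    pairs = []
    for i, rule in enumerate(rules):
        src = ipaddress.ip_network(rule.source)
        dst = ipaddress.ip_network(rule.destination)
        for earlier in rules[:i]:
            if (src.subnet_of(ipaddress.ip_network(earlier.source))
                    and dst.subnet_of(ipaddress.ip_network(earlier.destination))):
                pairs.append((rule.name, earlier.name))
                break
    return pairs

# Constructed sample rules: drop everything destined for the web segment.
drop_web = Rule("drop-to-web", "0.0.0.0/0", "10.10.10.0/24", "DROP")
allow_any = Rule("allow-any", "0.0.0.0/0", "0.0.0.0/0", "ALLOW")

MISORDERED = [allow_any, drop_web]  # drop rule sits below the broad allow
ORDERED = [drop_web, allow_any]     # drop rule sits above it

if __name__ == "__main__":
    for label, table in (("misordered", MISORDERED), ("ordered", ORDERED)):
        print(label, evaluate(table, "192.168.1.5", "10.10.10.11"), shadowed(table))
```
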
How to Configure Distributed Firewall Rules
1. Log in to the NSX Manager UI.


2. Go to Firewall > Configuration, select the existing section, and click Add Section Above.


3. Configure the section details.
Note: There is no toggling between stateful and stateless once it is defined.

4. Add a rule in the section.
Select the section > click the three-dot icon > Add Rule.


5. Configure the rule details. In my example I am dropping all types of traffic destined for the Web Server Logical Switch VMs. Then click Publish.


6. Now verify the rule functionality. Ping any Web Server VM, or test any other traffic to it.
