Create Modify or Delete a Distributed Firewall rules and sections in NSX

 
As mentioned in the previous section the Distributed router focuses on East-West traffic, within the datacenter. The Distributed Firewall policies are pushed to the ESXi host which allows the firewall to function before the traffic enters the virtual switch. You can specify the source or destination of the traffic ranging from a single VM, to an entire datacenter, or even specify dynamic security groups of objects based on security tags, OS type, or even VM name. This is one of my favorite features of NSX because it is an extremely powerful security tool used to control traffic flow in your environment. The process is almost identical to Firewall Rules on the Edge Services Gateway, although here, you can create sections, which are a grouping of firewall policies, as well as create Layer 2 policies. The layer 2 firewall rules are processed before the Layer 3 rules.
 

Create, Modify, or Delete a Distributed Firewall rule

 
Step 1. Open the vSphere Client and Navigate to Networking & Security -> Firewall then click the Triangle Icon to expand the Default Section for Layer 3 rules.
 
1
 
Step 2. To access the Layer 2 sections, click the Ethernet tab at the top.
 
2
 
Note: To add firewall rules to redirect traffic registered to third party vendor solutions, click the Partner security Services I will be skipping this section as I believe it to be outside of the scope of the VCIX-NV.
 

Create, Modify, or Delete a Distributed Firewall rule Sections

 
Step 3. First, let’s create a new Section. To accomplish this, click on the Folder+ icon on the top right.
 
3
 
Step 4. Provide a Name for the Section as well as the Position then hit OK
 
4
 

Create Modify or Delete a Distributed Firewall rules and sections in NSX

 
Step 5. To add a rule, right click the Section where you would like to the rule to exist, then select Add rule
 
5
 
Step 6. Expand the Triangle icon and provide a Name, Source, Destination, Service, Action and Applied To. I won’t go over each of these as I already went into detail on this this in the previous section.
 
6
 
Step 7. When you have created your rule(s) go ahead and click Publish Changes
 

2 Comments

  1. Rajeev -  August 2, 2016 - 3:35 am 510

    Hi Sean

    Under the rule for the DLF there is option to select the direction
    In/Out
    In
    Out

    What does the above 3 options means & how each works.

    Reply
  2. Rajeev -  August 3, 2016 - 3:41 am 511

    IS there any documentation which explains the difference between these 3 options & where to use which option….

    Reply

Leave A Comment

Your email address will not be published. Required fields are marked (required):

Back to Top