Distributed Firewall (DFW) rules are stored where? Are they stored in NSX Controller or in NSX Manager or on the ESXi hosts?
Secondly, can we use Microsegmentation with DFW without using VXLAN overlays?
Hi hs77
"Distributed Firewall (DFW) rules are stored where? Are they stored in NSX Controller or in NSX Manager or on the ESXi hosts?"
Rule configuration operations (add, edit, delete, import, export) are all done through the NSX Manager. Data plane execution of the rules is on the ESXi host, at the VM vNIC.
NSX Controllers are used for virtual network state management (VXLAN, Logical Routing). They're not utilized with the Distributed Firewall.
"Secondly, can we use Microsegmentation with DFW without using VXLAN overlays?"
Yes, definitely. Rule enforcement will happen regardless of the transport. If VXLAN is in use, the enforcement will happen prior to encapsulation (or after decapsulation).