VMware Networking Community
networlddsg
Enthusiast
Enthusiast
‎11-10-2017 05:31 AM
Jump to solution

About FW when using load balancer with NSX Edge

Is it mandatory to enable FW when using load balancers with NSX Edge?

1 Solution

Accepted Solutions
lhoffer
VMware Employee
VMware Employee
‎11-10-2017 08:59 AM
Jump to solution

Inline doesn't require SNAT as the source remains unchanged, however, it actually still requires DNAT so firewall needs to be enabled on the ESG either way.

The Load Balancer Configuration Verification and Troubleshooting Using the UI  guide alludes to this as  a pre-requisite: 

View solution in original post

0 Kudos
5 Replies
smitmartijn
VMware Employee
VMware Employee
‎11-10-2017 08:30 AM
Jump to solution

Hi,

There are two ways to deploy the Load Balancer: one armed and in-line (difference depicted below). One armed requires NAT, which in turn requires the firewall. In-line doesn't require the firewall, because it doesn't require NAT.

vmworld-2014-vmware-nsx-and-vcloud-automation-center-integration-technical-deep-dive-25-638.jpg

lhoffer
VMware Employee
VMware Employee
‎11-10-2017 08:59 AM
Jump to solution

Inline doesn't require SNAT as the source remains unchanged, however, it actually still requires DNAT so firewall needs to be enabled on the ESG either way.

The Load Balancer Configuration Verification and Troubleshooting Using the UI  guide alludes to this as  a pre-requisite: 

0 Kudos
smitmartijn
VMware Employee
VMware Employee
‎11-10-2017 09:36 AM
Jump to solution

I stand corrected!

0 Kudos
networlddsg
Enthusiast
Enthusiast
‎11-14-2017 04:17 AM
Jump to solution

Thankyou!

0 Kudos
networlddsg
Enthusiast
Enthusiast
‎11-14-2017 04:17 AM
Jump to solution

Thnakyou!

0 Kudos