VMware Networking Community
networlddsg
Enthusiast

About distributed logical router ACL

Is it correct that the ACL of the distributed logical router is not adapted to communication passing through the distributed logical router?

Is what is written on this site correct?

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-178B11B8-FEB1-49...

> Firewall rules applied to a Logical Router only protect control plane traffic to and from the Logical Router control virtual machine. They do not enforce any data plane protection.


Accepted Solutions
Sreec
VMware Employee

That is correct, the DLR firewall rule is limited to control/management plane traffic; it is not for data plane traffic. For any peering device (ideally edges) to communicate with the DLR (for establishing adjacency) we need a firewall rule; also, if we are in need of SSH access to the DLR control VM, we can write a rule and publish it. For E-W and N-S firewall rule creation, DFW and Edge firewall rules are the right candidates.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

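A small lint, added here as an example and not part of the thread or of any VMware tooling, that flags the misplacement the answer warns about: a rule configured on the DLR whose endpoints are neither the DLR control VM nor a peering edge will never be enforced, so it belongs on the DFW (east-west) or the Edge firewall (north-south). The topology, addresses and rule set are constructed, and the E-W-to-DFW / N-S-to-Edge mapping is the simplification assumed here.

```python
import ipaddress

# Constructed sample topology (not from the thread): the DLR control VM, the
# Edge Services Gateways it peers with, and the internal workload subnets.
DLR_CONTROL_VM = ipaddress.ip_address("192.0.2.10")
PEERING_EDGES = {ipaddress.ip_address("192.0.2.1"), ipaddress.ip_address("192.0.2.2")}
INTERNAL_NETS = [ipaddress.ip_network("10.10.0.0/16")]

CONTROL_PLANE_HOSTS = {DLR_CONTROL_VM} | PEERING_EDGES


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def recommended_enforcement(src, dst):
    """Enforcement point that would actually apply a rule for this flow:
    DLR only for control-plane flows (adjacency, SSH to the control VM),
    DFW for east-west workload traffic, Edge for north-south traffic."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in CONTROL_PLANE_HOSTS or dst in CONTROL_PLANE_HOSTS:
        return "DLR"
    if is_internal(src) and is_internal(dst):
        return "DFW"      # east-west: both ends are workloads behind the DLR
    return "Edge"         # north-south: one end is outside the internal subnets


def lint_rules(rules):
    """Return (rule name, correct enforcement point) for every rule placed on
    the DLR that targets data-plane traffic and therefore enforces nothing."""
    findings = []
    for rule in rules:
        expected = recommended_enforcement(rule["src"], rule["dst"])
        if rule["enforced_on"] == "DLR" and expected != "DLR":
            findings.append((rule["name"], expected))
    return findings


# Constructed sample rule set with two misplaced rules.
SAMPLE_RULES = [
    {"name": "allow-ospf-from-edge", "enforced_on": "DLR", "src": "192.0.2.1", "dst": "192.0.2.10"},
    {"name": "block-web-to-db", "enforced_on": "DLR", "src": "10.10.1.5", "dst": "10.10.2.5"},
    {"name": "deny-inet-to-app", "enforced_on": "DLR", "src": "198.51.100.7", "dst": "10.10.1.5"},
    {"name": "allow-web-to-db", "enforced_on": "DFW", "src": "10.10.1.5", "dst": "10.10.2.5"},
]

if __name__ == "__main__":
    for name, where in lint_rules(SAMPLE_RULES):
        print(f"{name}: the DLR firewall will not enforce this; place it on the {where}")
```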
2 Replies
networlddsg
Enthusiast

Thank you!
