So I am configuring microsegmentation for an application using vRealize Network Insight. I can see a lot of TCP/UDP flows on high ports (usually 30000-65353). I know those ports are usually used for the reply to a request on a known port (for example a reply to a request on 443), but I feel I am lacking some firewall knowledge to come up with the rules for these flows.
Do I need to explicitly allow the flow on those high ports in the distributed firewall? Or do I need to enable something on the NSX to make it automatically accept those replies?
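As an added example (not part of either post, and not a VRNI or NSX tool), the script below normalizes bidirectional flow records of the shape a flow-monitoring export produces into a service-port view. It treats a port in the ephemeral range on one side of a flow as the client side, so the reply flows on high ports collapse onto the same well-known service port as the request and you write one rule per service rather than one per ephemeral port. With a stateful firewall the rule is written once for the client-to-service direction; the reply path on the high port is matched by connection state, not by a second rule. The flow records, addresses and the 30000-65535 ephemeral range are constructed for the example; flows where both or neither port looks ephemeral are set aside for review instead of being guessed.

```python
"""Collapse bidirectional flow records to a service-port view.

Added example with constructed data. Each record carries source and
destination address, protocol and both ports, the minimum a flow export
provides. The ephemeral range is an assumption matching the range seen in
the question; adjust it to the client OS in use.
"""
from collections import defaultdict
from dataclasses import dataclass

EPHEMERAL_MIN = 30000  # assumption: high-port range observed in the flows
EPHEMERAL_MAX = 65535


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    src_port: int
    dst_port: int


# Constructed sample: a request, its reply on the client's high port, a
# second tier, a dynamic-port flow and a symmetric UDP flow.
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", "TCP", 41234, 443),   # web -> app request
    Flow("10.0.2.20", "10.0.1.10", "TCP", 443, 41234),   # app -> web reply
    Flow("10.0.2.20", "10.0.3.30", "TCP", 52000, 3306),  # app -> db
    Flow("10.0.2.20", "10.0.3.30", "TCP", 40000, 45000), # both ephemeral
    Flow("10.0.1.10", "10.0.9.9", "UDP", 123, 123),      # neither ephemeral
]


def is_ephemeral(port: int) -> bool:
    return EPHEMERAL_MIN <= port <= EPHEMERAL_MAX


def normalize(flow: Flow):
    """Return (client, server, proto, service_port), or None when the
    direction cannot be inferred from the ports alone."""
    src_eph = is_ephemeral(flow.src_port)
    dst_eph = is_ephemeral(flow.dst_port)
    if src_eph and not dst_eph:
        # Source holds the ephemeral port: source is the client.
        return flow.src, flow.dst, flow.proto, flow.dst_port
    if dst_eph and not src_eph:
        # Destination holds the ephemeral port: this is the reply leg.
        return flow.dst, flow.src, flow.proto, flow.src_port
    return None


def derive_rules(flows):
    """Group flows by (server, proto, service_port) -> set of clients.

    Returns the rule map and the list of flows needing manual review.
    """
    rules = defaultdict(set)
    review = []
    for flow in flows:
        norm = normalize(flow)
        if norm is None:
            review.append(flow)
            continue
        client, server, proto, port = norm
        rules[(server, proto, port)].add(client)
    return dict(rules), review


def format_rules(rules) -> list:
    """Render the rule map as one allow line per client/service pair."""
    lines = []
    for (server, proto, port), clients in sorted(rules.items()):
        for client in sorted(clients):
            lines.append(f"allow {client} -> {server} {proto}/{port}")
    return lines


if __name__ == "__main__":
    derived, needs_review = derive_rules(SAMPLE_FLOWS)
    for line in format_rules(derived):
        print(line)
    for flow in needs_review:
        print("review:", flow)
```

On the constructed sample the request and its reply fold into a single TCP/443 rule, the database flow yields a TCP/3306 rule, and the two remaining flows are listed for review rather than turned into high-port rules.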
VRNI is a good source to pull the firewall requirements from; in addition to that you should also check ARM: Application Rule Manager (ARM) Practical Implementation - Healthcare - Network Virtualization.
Leveraging the same will give you a precise overview of what is really required, and you can publish the rule right from there, which is not available in VRNI.