VMware Networking Community
priscillagr
Enthusiast
Enthusiast
‎11-22-2018 02:22 AM

NSX DFW High Ports

Hello community!

So i am configuring microsegmentation for an application using vRealize Network Insight. I can see a lot of flows TCP/UDP on high ports (usually 30000-65353). I know those ports are usually used for the reply of a request of a know port (for example a reply from a request on 443) but I feel i am lacking some firewall knowledge to come up with the rules for these flows.

Do i need to explicitly allow the flow on those high ports in the distributed firewall? Or do i need to enable something on the NSX to make it automatically accept those replys?

Tags (2)
0 Kudos
1 Reply
Sreec
VMware Employee
VMware Employee
‎11-23-2018 09:15 PM

VRNI is good source to pull the firewall requirements, in addition to that you should also check ARM Application Rule Manager (ARM) Practical Implementation - Healthcare - Network Virtualization.. 

Leveraging the same will give you a precise overview on what is really required and you can publish the rule right from there which is not available in VRNI.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos