This depends on the use case and network design. If an Edge Gateway or DLR is in between, you can create IP based rules or you can work with the Distributed Firewall and Security Policies and Tags. But without knowing your network design and structure, I can't give a more accurate answer.
---
Regards,
Sebastian
VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist
Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
