1 Reply Latest reply on May 6, 2019 6:29 AM by mauricioamorim

    NSX-T DFW Protection without N-VDS

    xyker Lurker

      Is it possible to protect my VMs that have interfaces connected to a regular port group on a VDS?  We have a second interface on a number of VMs that are able to talk to our physical backup appliance on the same VLAN.  We want to prevent the VMs from communicating with each other through the backup interface by using the DFW.  We feel better about not having our heaviest traffic flow through the Edge VMs so we do not want to use the N-VDS for those interfaces.  Is our understanding of the N-VDS flawed?  How can we protect interfaces that are not part of an N-VDS?

        • 1. Re: NSX-T DFW Protection without N-VDS
          mauricioamorim Expert
          VMware Employees

          You need to migrate those interfaces to the N-VDS to be able to apply micro-segmentation. You can just migrate those interfaces that are on a VDS to the N-VDS keeping it VLAN backed in the N-VDS so they communicate directly to the backup appliance. There is no need for this traffic to go through an Edge.