VMware Networking Community
Petersaints
Enthusiast

NSX-T 3.0 Distributed Firewall and Gateway Firewall

Hello all,

I need some advice related to the Distributed Firewall and Gateway Firewall. By default, the two firewalls have an allow any/any rule.

After the deployment and configuration, should I change those rules to a block state and create new, more restrictive ones? If so, is there a best-practices guide, or can anyone give me some samples or recommendations?

Thanks.

Pedro Santos

Sreec
VMware Employee

If you have plans to secure it with DFW policies, you should certainly limit the traffic flow using the correct policies. Even though there are two default sections (L2/L3), most likely you will need some rules under the shared services scope (Infrastructure) and environments for different apps or departments. There are a few examples in the NSX-T Data Center and EUC Design Guide and in Context-aware Micro-segmentation with NSX-T 2.4 | Network and Security Virtualization | VMware

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
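A dry run of the change discussed in this thread, added here as an example and not posted by either participant: it lists the flows that pass today only because of the default allow rule, which are the flows that break once that rule is set to drop. It is a simplified model of DFW evaluation (categories in order, rules top-down, first match wins, protocol ignored), and every rule name, address and flow in it is constructed.

```python
from ipaddress import ip_address, ip_network

# DFW policy categories, in the order NSX-T evaluates them.
CATEGORY_ORDER = ["Ethernet", "Emergency", "Infrastructure", "Environment", "Application"]

# Constructed rules: (category, name, source CIDR, destination CIDR, port or None=any, action)
RULES = [
    ("Application",    "web-to-app",        "10.1.1.0/24", "10.1.2.0/24",   8443, "ALLOW"),
    ("Application",    "app-to-db",         "10.1.2.0/24", "10.1.3.0/24",   5432, "ALLOW"),
    ("Infrastructure", "allow-dns",         "10.0.0.0/8",  "10.0.0.53/32",  53,   "ALLOW"),
    ("Infrastructure", "allow-ntp",         "10.0.0.0/8",  "10.0.0.123/32", 123,  "ALLOW"),
    ("Environment",    "prod-to-dev-block", "10.1.0.0/16", "10.2.0.0/16",   None, "DROP"),
]

# Constructed observed flows: (source IP, destination IP, destination port)
FLOWS = [
    ("10.1.1.10", "10.0.0.53", 53),     # shared DNS service
    ("10.1.1.10", "10.1.2.20", 8443),   # web tier to app tier
    ("10.1.2.20", "10.1.3.30", 5432),   # app tier to database
    ("10.1.1.10", "10.1.3.30", 5432),   # web tier straight to database, no rule
    ("10.1.1.10", "10.2.0.5", 22),      # prod to dev, explicitly dropped
    ("10.1.2.20", "10.0.0.200", 514),   # syslog, no Infrastructure rule yet
]

def evaluate(flow, default_action):
    """Return (rule name, action) of the first matching rule, else the default rule."""
    src, dst, port = ip_address(flow[0]), ip_address(flow[1]), flow[2]
    # sorted() is stable, so rules keep their top-down order within a category.
    ordered = sorted(RULES, key=lambda r: CATEGORY_ORDER.index(r[0]))
    for _category, name, src_net, dst_net, rule_port, action in ordered:
        if (src in ip_network(src_net) and dst in ip_network(dst_net)
                and rule_port in (None, port)):
            return name, action
    return "default", default_action

def flows_broken_by_default_drop(flows):
    """Flows that are allowed today only by the default allow any/any rule."""
    return [f for f in flows if evaluate(f, "ALLOW") == ("default", "ALLOW")]

if __name__ == "__main__":
    for flow in flows_broken_by_default_drop(FLOWS):
        print("needs an explicit rule before the default is set to DROP:", flow)
```

Each flow it reports is either traffic that needs an explicit rule first (here the syslog flow, a shared service) or traffic that should not be allowed at all (here the web tier reaching the database directly).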