Has anybody used Traffic Filtering and Marking for traffic filtering, such as dropping traffic, creating port group restrictions per VM, or creating DMZ-like rule sets, etc.?
Thanks
Sam
Refer to the URLs below; you can use VMware NSX for creating VM-specific firewall rules, DMZ, etc.
Note, NSX is a different product and has its own license.
Refer to the URLs below:
http://www.routetocloud.com/2015/04/nsx-distributed-firewall-deep-dive/
http://blog.algosec.com/2015/08/tips-on-how-to-create-filtering-policies-for-vmware-nsx.html
If you ask this question in the "VMware NSX community" you may get more answers on NSX.
Thanks,
Haridas
Haridas,
Thanks for the info, I'm aware of NSX, and that's actually one of the reasons I'm asking (NSX is not cheap). I don't need per-VM; per port group would be fine.
Sam
Correct, you don't need NSX. This is a core feature of the distributed vSwitch, available since vSphere 5.5; it allows you to create layer 2 and layer 3/4 firewall rules on distributed port groups or distributed ports.
I've used it to isolate VMs on DMZ networks, similar to what a PVLAN setup would achieve, and I would say it works well enough, at least on a small scale.
Check these links:
http://blogs.vmware.com/vsphere/2014/03/vsphere-distributed-switch-traffic-filtering.html
@MKguy
Thanks for correcting me.
Thanks for the info, that's exactly how I want to set it up.
Sam