networlddsg
Enthusiast

About distributed logical router ACL

Is it correct that the ACL of the distributed logical router is not applied to communication passing through the distributed logical router?

Is what is written on this site correct?

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-178B11B8-FEB1-49...

Firewall rules applied to a Logical Router only protect control plane traffic to and from the Logical Router control virtual machine. They do not enforce any data plane protection.

Accepted Solutions
Sreec
VMware Employee

That is correct. The DLR firewall rule is limited to control/management plane traffic; it is not for data plane traffic. For any peering device (ideally Edges) to communicate with the DLR (for establishing adjacency), we need a firewall rule; also, if we are in need of SSH access to the DLR control VM, we can write a rule and publish it. For E-W and N-S firewall rule creation, DFW and Edge firewall rules are the right candidates.

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 5x

networlddsg
Enthusiast

Thank you!