VMware NSX

  • 1.  Blocking users to access Mgmt Network

    Posted Jun 26, 2020 12:54 AM

    Hi gurus,

    This question may seem very basic; I will re-ask based on the replies!

    If I am planning to block non-admin users from going to my vCenter web GUI (let's say these users are connected via a Distributed Port group), should I use the DFW with:

    Source: any, dest: Cluster (choosing the Mgmt cluster), and then the action is block for HTTP/HTTPS, or even any service, it doesn't matter. Would that be effective?

    Because I did that in my lab and I am still able to connect to my mgmt network, I think I am missing something.

    Thanks in advance for your help.



  • 2.  RE: Blocking users to access Mgmt Network

    Posted Jun 26, 2020 11:42 AM

    Hey,

    ANY > Cluster MGMT > Service > Deny. As you said should work.

    Q1: Is your MGMT cluster prepared for NSX? You need to have the DFW module to work.

    Q2: Check your exceptions tab; if your vCenter is in there, the firewall rule won't apply.

    Is this like a production cluster, or is it your lab and you want to hide it from people looking at your infra? If it is the second option, you can also use identity firewall to only allow your user to access it.