VMware Networking Community
1337Thomas
Enthusiast
Enthusiast
‎04-06-2020 01:48 AM

Default drop rule NSX-T

Hi,

we are running a setup with vcd v10 and NSX-T 2.5.

when creating an Edge in a customer tenant de default permission is any any permit.

We want to change this to default drop any.

It is possible to change the any permit to any deny in NSX manager, but this means de default deployments are still incorrect.

Also the VCD does not see the change from any allow to any drop. VCD keeps showing any permit even when the rule has been changed in NSX manager to drop.

Any suggestions to change de default deployment options?

Tags (1)
0 Kudos
2 Replies
Sreec
VMware Employee
VMware Employee
‎04-06-2020 03:35 AM

If you are referring to Tier-1 edges, i don't think there is a way to change the default rule on fly considering the deployment is done from tenant portal.Changing rules directly from NSX-T is not the best approach either .

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
1337Thomas
Enthusiast
Enthusiast
‎04-06-2020 03:40 AM

having a default allow rule is also not best practice.

so there is actually no real way to fix this?

0 Kudos