I am new to NSX and am running a trial license to see if NSX is beneficial to my network.
In my understanding of the NSX Distributed Firewall, it works on the Distribution Switch level.
I want to know if I do not need to set up Tier 0 and 1 Gateways.
I can find my VM in the inventory group now, and I have set up a Firewall rule to try to block a VM Guest under the Distribution Switch, but no luck yet.
As mentioned, you do not need T0s/T1s if you're just using the distributed firewall. You have two options for a security-only use case:
* Use the quick start wizard to do a security only deployment (see https://blog.redlogic.nl/en/nsxt-32-dfw-vds for an example). This will only install/configure the pieces of NSX-T needed for the DFW (and other security components).
* Do a standard deployment but simply don't deploy any overlay networks/gateways/etc. This is a little more work up front in that you need to configure host TEPs, but it provides a simpler migration path if you decide you want overlay networks later. (If you deploy security-only using the quick-start wizard above, you have to completely unconfigure/reconfigure the hosts if you decide you want to add overlay networks.)
AR. I found what's wrong here now.
It is requesting the vSphere Cluster, not the NSX cluster.
I can deploy the Distribution Firewall via the Wizard now.
I am trying to remove it and create all the settings manually again.
This will ensure I understand what is going on with the NSX operation.
But then I hit a problem - I wonder if we cannot create the Distributed Port Group manually, and it must be created via the Wizard.
It seems there is no way for me to create the Distributed Port Group on the page below?