yetanothertechi
Contributor

Firewall rules for NSX across 2 vCentres


I have 2 vCentres, 1 in each physical site, in linked mode and running NSX (only DFW component) on both of them. In each site, the ESX hosts in the clusters where I installed NSX are behind a firewall, so I found this doc to get the required ports:

VMware NSX 6.2 for vSphere Documentation Center

I now have the ports open for the NSX Managers/vCentre server/ESX hosts on each site, i.e. rules allow NSX Manager/vCentre/ESX hosts to communicate within site 1 only.

I have similar firewall rules for site 2.

My question is, do I need firewall rules to allow the NSX Manager in site 1 to communicate with the vCentre and ESX hosts in site 2, and vice versa?

Thanks for any help.


Accepted Solutions
Richard__R
Enthusiast

Take a look at the Appendix in the latest version of the hardening guide - they've updated it with some cross-VC stuff. You need the Primary and any Secondary NSX Managers to communicate for universal sync, both Managers to communicate with the Universal Controller Cluster (on site 1) and hosts on site 1 and 2 to be able to communicate with the UCC, but I don't believe you need your site 2 vCenter/Hosts to communicate with the site 1 NSX Manager if I'm reading it correctly.

NSX-v 6.2.x - Security Hardening Guide (Published version 1.5)

yetanothertechi
Contributor

Thanks a lot for the info, that's answered my question.
