I have 2 vCenters, 1 in each physical site, in linked mode and running NSX (only the DFW component) on both of them. In each site, the ESX hosts in the clusters where I installed NSX are behind a firewall, so I found this doc to get the required ports:
VMware NSX 6.2 for vSphere Documentation Center
I now have the ports open for the NSX Managers/vCenter server/ESX hosts on each site, i.e. rules allow NSX Manager/vCenter/ESX hosts to communicate within site 1 only.
I have similar firewall rules for site 2.
My question is, do I need firewall rules to allow the NSX Manager in site 1 to communicate with the vCenter and ESX hosts in site 2, and vice versa?
Thanks for any help.
Take a look at the Appendix in the latest version of the hardening guide; they've updated it with some cross-VC stuff. You need the Primary and any Secondary NSX Managers to communicate for universal sync, both Managers to communicate with the Universal Controller Cluster (on site 1), and hosts on site 1 and 2 to be able to communicate with the UCC, but I don't believe you need your site 2 vCenter/hosts to communicate with the site 1 NSX Manager, if I'm reading it correctly.
NSX-v 6.2.x - Security Hardening Guide (Published version 1.5)
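The answer above boils down to a small requirement matrix: primary and secondary NSX Manager must reach each other, the secondary Manager and the site 2 hosts must reach the Universal Controller Cluster in site 1, and nothing in site 2 needs a path to the site 1 NSX Manager. The script below is an added example (not from the thread, VMware, or the hardening guide) that encodes those cross-site flows and checks a constructed rule set against them, reporting required flows that are missing and rules that open a path the answer says is not needed. The host names (nsxmgr-site1, ucc-site1, esx-site2, ...) are placeholders, and the TCP ports (443 for Manager-to-Manager sync and Manager-to-controller, 1234 for host-to-controller, 5671 for the sample surplus rule) are assumptions you should confirm against the hardening guide appendix before using them.

```python
"""Cross-vCenter NSX firewall coverage check.

Added example, not part of the original thread. Encodes the cross-site
flows the answer names and compares them with a proposed rule set.
Ports and host names are assumptions / placeholders, not from the page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One allowed (src -> dst, proto/port) path through the firewall."""
    src: str
    dst: str
    proto: str
    port: int


# Cross-site flows the answer says are required.
# ASSUMED ports (verify against the hardening guide appendix):
#   Primary <-> Secondary NSX Manager universal sync: TCP 443
#   NSX Manager -> Universal Controller Cluster (REST): TCP 443
#   ESXi host (netcpa) -> Controller: TCP 1234
REQUIRED_CROSS_SITE = [
    Flow("nsxmgr-site1", "nsxmgr-site2", "tcp", 443),
    Flow("nsxmgr-site2", "nsxmgr-site1", "tcp", 443),
    Flow("nsxmgr-site2", "ucc-site1", "tcp", 443),
    Flow("esx-site2", "ucc-site1", "tcp", 1234),
]

# (src, dst) pairs the answer says do NOT need a path: site 2 vCenter and
# hosts talking to the site 1 NSX Manager. Any rule opening these is surplus.
UNNEEDED_PAIRS = {
    ("esx-site2", "nsxmgr-site1"),
    ("vcenter-site2", "nsxmgr-site1"),
}

# Constructed sample rule set: the poster's intra-site rules plus a partial
# attempt at the cross-site ones, with two flows forgotten and one surplus.
PROPOSED_RULES = [
    Flow("nsxmgr-site1", "ucc-site1", "tcp", 443),    # intra-site, site 1
    Flow("esx-site1", "ucc-site1", "tcp", 1234),      # intra-site, site 1
    Flow("nsxmgr-site1", "nsxmgr-site2", "tcp", 443), # cross-site sync, one way
    Flow("nsxmgr-site2", "ucc-site1", "tcp", 443),    # secondary mgr -> UCC
    Flow("esx-site2", "nsxmgr-site1", "tcp", 5671),   # not needed per answer
]


def check_rules(rules, required=REQUIRED_CROSS_SITE, unneeded=UNNEEDED_PAIRS):
    """Return (missing_required, surplus_rules).

    missing_required: required cross-site flows with no matching rule.
    surplus_rules: rules whose (src, dst) pair the answer says is unneeded.
    Matching is exact on src/dst/proto/port; a broader any/any rule would
    need range handling, which this example deliberately does not do.
    """
    allowed = set(rules)
    missing = [f for f in required if f not in allowed]
    surplus = [r for r in rules if (r.src, r.dst) in unneeded]
    return missing, surplus


def report(rules):
    """Human-readable summary; returns True when the rule set is clean."""
    missing, surplus = check_rules(rules)
    for f in missing:
        print(f"MISSING: allow {f.src} -> {f.dst} {f.proto}/{f.port}")
    for r in surplus:
        print(f"SURPLUS: {r.src} -> {r.dst} {r.proto}/{r.port} not required")
    return not missing and not surplus


if __name__ == "__main__":
    ok = report(PROPOSED_RULES)
    print("clean" if ok else "changes needed")
```

Run against the constructed rule set it flags the return path for Manager sync and the site 2 host-to-UCC flow as missing, and the site 2 host to site 1 Manager rule as surplus. Swap in your own host names and the ports from the guide's appendix; the check only does exact matching, so represent broad rules as the individual flows they cover.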
Thanks a lot for the info, that's answered my question.