johnnyadavis02
Contributor

How to proactively change the default firewall rule set used for future Edges

Can I proactively change the default firewall rule (or automatically include additional default rules) that are applied to all new NSX Edges?  

To be clear:

  • I am interested in a one-time change that will impact all new Edges rather than modifying the default rule after I deploy each Edge.
  • I want to change the Edge firewall rules, not the Distributed Firewall rules.

Thanks.

Accepted Solutions
chrisgnoon
Enthusiast

No, I don't believe this is possible.

If you are using automation, you can change/add custom rules upon deployment. You can also write a script that would pull in the current Edge IDs and deploy custom rules to all the Edges.

I assume the use case for this would be to allow generic traffic like ICMP, DNS and NTP?

Chris Noon | CCDP | CCNP | VCDX 289
Don't forget to mark as solved if your questions are answered.

2 Replies
RShankar22
VMware Employee

Through vCenter there is no such option. The only option through it is to enable/disable the Edge firewall after deployment.

If you want to create a custom firewall for the Edge, then you have to use the API after creation of the Edge to push the basic configuration which you want to push.

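The scripted approach both replies describe (list the existing Edge IDs, then push rules to each Edge through the API), sketched as a dry-run planner. This is an added example, not code from the thread or from VMware. The REST paths and XML element names are assumptions based on the NSX for vSphere API and must be checked against the API guide for your version; the rule names, sample responses and the `http_get` callable are hypothetical.

```python
import xml.etree.ElementTree as ET

# Assumed NSX for vSphere REST paths; verify against your version's API guide.
EDGES = "/api/4.0/edges"                              # list Edges (paged)
CONFIG = "/api/4.0/edges/{eid}/firewall/config"       # read Edge firewall
RULES = "/api/4.0/edges/{eid}/firewall/config/rules"  # append rules (POST)

# Hypothetical baseline: (rule name, protocol, port). No source/destination is
# set, so each rule matches any address; narrow that before real use.
BASELINE = [("baseline-dns-udp", "udp", "53"), ("baseline-ntp", "udp", "123")]

def edge_ids(edge_list_xml):
    """Edge IDs from one page of the Edge list response."""
    root = ET.fromstring(edge_list_xml)
    return [s.findtext("objectId") for s in root.iter("edgeSummary")]

def rule_names(fw_config_xml):
    """Names of the rules already present on one Edge."""
    root = ET.fromstring(fw_config_xml)
    return {r.findtext("name") for r in root.iter("firewallRule")}

def rules_payload(rules):
    """XML body carrying only the given baseline rules."""
    root = ET.Element("firewallRules")
    for name, proto, port in rules:
        rule = ET.SubElement(root, "firewallRule")
        ET.SubElement(rule, "name").text = name
        ET.SubElement(rule, "action").text = "accept"
        svc = ET.SubElement(ET.SubElement(rule, "application"), "service")
        ET.SubElement(svc, "protocol").text = proto
        ET.SubElement(svc, "port").text = port
    return ET.tostring(root, encoding="unicode")

def plan(http_get):
    """Dry run: (path, body) POSTs for Edges missing baseline rules, so a
    rerun adds nothing twice. http_get(path) must return the XML text."""
    posts = []
    for eid in edge_ids(http_get(EDGES)):
        have = rule_names(http_get(CONFIG.format(eid=eid)))
        missing = [r for r in BASELINE if r[0] not in have]
        if missing:
            posts.append((RULES.format(eid=eid), rules_payload(missing)))
    return posts

# Constructed sample responses, trimmed to the elements the parser reads.
_RULE = "<firewallRule><name>{}</name></firewallRule>"
SAMPLE = {
    EDGES: "<pagedEdgeList><edgePage><edgeSummary><objectId>edge-1</objectId></edgeSummary>"
           "<edgeSummary><objectId>edge-2</objectId></edgeSummary></edgePage></pagedEdgeList>",
    CONFIG.format(eid="edge-1"): "<firewall><firewallRules>" + _RULE.format("baseline-dns-udp")
           + _RULE.format("baseline-ntp") + "</firewallRules></firewall>",
    CONFIG.format(eid="edge-2"): "<firewall><firewallRules>" + _RULE.format("baseline-dns-udp")
           + "</firewallRules></firewall>",
}
```

Review the output of `plan()` before sending it: each entry is one POST to issue with an authenticated HTTP client against the NSX Manager, and Edges that already carry the baseline produce no entry.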