VMware Networking Community
HybridNetArchit
Enthusiast

Identity Aware Firewall in cross vCenter NSX deployment

Hi,

Hopefully a straightforward query. Can Identity Firewall be used in conjunction with a cross vCenter NSX deployment? In the cross vCenter design guide I have done a check and anything relating to Identity Firewall is not mentioned. This probably gives me my answer, but actually if it's not possible due to constraints with the universal DFW, could it be used with local DFW policy in a secondary NSX site - so could the secondary NSX Manager support this?

Thanks in advance


Accepted Solutions
hansroeder
Enthusiast

I have actually set this up in a production environment with three NSX Managers (one for server workloads and two for Horizon View) and it works perfectly. However, the identity of logged in users cannot (as far as I can tell) propagate to other NSX Managers in the environment. So it will work, but only for the local NSX Manager.

2 Replies
Sreec
VMware Employee

Technically this should be possible, having site-specific IDFW with a supported topology (Identity Firewall Tested and Supported Configurations), irrespective of the NSX Manager roles.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered