Hello Everyone,
I'm hoping to get some feedback here on what I believe is a problem with Identity Based Firewall rules but can't get anywhere with it with VMware.
Here is the scenario:
Group 1 - AB based Group
VMGroup 1 - Group defined using VMname starts with. VMs live in the cluster managed with NSX-T
VMGroup 2 - Group defined using IPs. VMs live in a completely separate datacenter/vCenter cluster
Rules:
Rule1 - Source: Group 1, Dest: VMGroup 1, allow RDP applied to DFW
Rule2 - Source: Group 1, Dest: VMGroup 2, allow RDP applied to DFW
Rule 2 - Source: Any, Dest Any, Drop RDP applied to DFW
In this scenario I only want some users to be able to RDP to other VMs in the same cluster and be able to RDP to some external servers. Rule 2 works just fine but Rule 1 does not. It doesn't matter what criteria I use, it doesn't work.
On NSX-V we had those rules in place and they worked fine, and after migration they do not. We started with NSX-T 3.1 and we are on 3.2.2 and it still doesn't function. VMtools is 12.1.5 with NSX introspection enabled.
Did anybody encounter that behavior?
Hi,
Please follow the steps in the document to check whether Rule 1 is getting applied to the DFW.
If possible, please share the screenshots of the same.
Did you want outputs from all of the commands in the article or just some specific ones?
I sent you a private message.