
NSX DFW High Ports

Hello community!

So I am configuring microsegmentation for an application using vRealize Network Insight. I can see a lot of TCP/UDP flows on high ports (usually 30000-65353). I know those ports are usually used for the reply to a request on a known port (for example a reply to a request on 443), but I feel I am lacking some firewall knowledge to come up with the rules for these flows.

Do I need to explicitly allow the flow on those high ports in the distributed firewall? Or do I need to enable something on the NSX to make it automatically accept those replies?

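As an added example (not from the original post, vRNI or NSX), the heuristic the question describes can be applied to exported flow records before writing rules: a flow whose destination port is in the high range and whose source port is a service port is the reply half of a connection, so it folds into the same rule candidate as the request. The flow records, the 30000-65535 range and the tuple layout are constructed assumptions.

```python
"""Collapse flow records into service-level rule candidates.

Added example, not from the original post or from vRNI/NSX. Sample flows
are constructed; the ephemeral range is assumed to be 30000-65535.
"""
from collections import defaultdict

EPHEMERAL_LOW = 30000   # lower bound quoted in the question
EPHEMERAL_HIGH = 65535  # assumed upper bound (maximum port number)

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port, proto)
SAMPLE_FLOWS = [
    ("10.0.1.10", 51234, "10.0.2.20", 443, "TCP"),    # client -> web
    ("10.0.2.20", 443, "10.0.1.10", 51234, "TCP"),    # web -> client (reply)
    ("10.0.2.20", 43210, "10.0.3.30", 1433, "TCP"),   # web -> db
    ("10.0.3.30", 1433, "10.0.2.20", 43210, "TCP"),   # db -> web (reply)
    ("10.0.1.10", 60000, "10.0.2.20", 53, "UDP"),     # client -> dns
    ("10.0.2.20", 53, "10.0.1.10", 60000, "UDP"),     # dns -> client (reply)
    ("10.0.5.50", 40000, "10.0.2.20", 40001, "TCP"),  # both ephemeral: review
]


def is_ephemeral(port):
    return EPHEMERAL_LOW <= port <= EPHEMERAL_HIGH


def normalize_flow(flow):
    """Return (client_ip, server_ip, service_port, proto), or None if unsure.

    Exactly one ephemeral side identifies the other side as the service.
    When the service side is the source, the flow is the reply direction
    and maps to the same key as the request.
    """
    src_ip, src_port, dst_ip, dst_port, proto = flow
    if is_ephemeral(src_port) and not is_ephemeral(dst_port):
        return (src_ip, dst_ip, dst_port, proto)
    if is_ephemeral(dst_port) and not is_ephemeral(src_port):
        return (dst_ip, src_ip, src_port, proto)  # reply half
    return None  # both ephemeral or both service ports: manual review


def rule_candidates(flows):
    """Group flows into service-level candidates with per-candidate counts."""
    candidates = defaultdict(int)
    unresolved = []
    for flow in flows:
        key = normalize_flow(flow)
        if key is None:
            unresolved.append(flow)
        else:
            candidates[key] += 1
    return dict(candidates), unresolved
```

Each candidate key is one client/server/service-port tuple, so the seven sample flows collapse to three rule candidates plus one flow that needs a manual look.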
VMware Employee

vRNI is a good source to pull the firewall requirements from; in addition to that you should also check Application Rule Manager (ARM) Practical Implementation - Healthcare - Network Virtualization.

Leveraging the same will give you a precise overview of what is really required, and you can publish the rule right from there, which is not available in vRNI.

Cheers,
Sree | CKA|VCAP-NSX-T| VCIX-3X| VCAP-3X| VExpert 4x