Hi,
If your virtual machines were connected to various distributed port groups (i.e. VLANs) on a vSphere Distributed Switch and then you installed NSX, does NSX allow you to create firewall rules that can be applied to those virtual machine vNICs which are connected to those same distributed port groups? I wasn't sure if you had to first migrate the virtual machines to virtual switches before NSX allowed you to assign the firewall rules.
Thanks.
We can use NSX dFW without enabling network virtualization (VXLAN and NSX Controller) on the cluster.
NSX dFW can work on either VSS or vDS.
NSX DFW operates at the VM vNIC level, meaning that a VM is always protected irrespective of the way it is connected to the logical network.
A VM can be connected to a VDS VLAN-backed port-group or to a Logical Switch (VXLAN-backed port-group).
Hi,
Yes - you can use the distributed firewall to protect VM NICs connected to a vDS using standard port-groups.
You can use the distributed firewall on either the vDS or a standard switch. The DFW module in the hypervisor enforces policy at the vNIC; dvfilters are not required.
Yes, it works at the vNIC level, so you can start to protect your VM before migrating to VXLAN. Using L2 bridging while doing the migration can be useful.