VMware Networking Community
vmware071
Contributor

NSX Firewall Question

Hi Experts,

I have a quick question. We just deployed an NSX dev environment. We want to implement two rules ASAP:

1) Any to Any - BLOCK to make sure no one can talk to each other.

2) One server (src) to a set of servers (dst) - ALLOW

My questions - 

1) If I implement Rule #1 first, will it block me from accessing NSX?

2) If I implement Rule #2 first and then Rule #1, will Rule #1 overwrite Rule #2? I'm in a chicken-and-egg situation. Please assist. Any help will be appreciated.

3 Replies
ShahabKhan
VMware Employee

Hi,

Firewall rules are inspected from top to bottom. If there is a hit on the first rule, then the inspection stops there and the decision is taken based on that rule. Therefore, while implementing the firewall rules, you should implement rule 2 first and rule 1 second.

I hope that answers your question.

vmware071
Contributor

Thanks Shahab for replying.

What if I want to create more rules going forward for servers that need access? Do I make sure that I create those rules ABOVE the any-to-any block rule?

ShahabKhan
VMware Employee

Yes, that is correct.

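The top-to-bottom, first-match behaviour described in Shahab's first reply, and the follow-up point that every later allow rule has to sit above the any-to-any block, as an added example that is not part of the original thread and is not NSX code: a small Python simulation of first-match rule evaluation. The addresses (10.0.1.10 as the source server, 10.0.2.10 and 10.0.2.11 as the destination set) are constructed for illustration. The block also includes a shadowing check that lists rules which can never fire because an earlier, broader rule fully covers their source and destination, which is exactly what happens to the allow rule when the block rule is placed above it. It models generic first-match ordering only, not NSX's own rule engine or any management-plane exclusions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# "any" is modelled as the whole IPv4 space.
ANY_NET = ip_network("0.0.0.0/0")


def _nets(spec):
    """Turn 'any' or a tuple of CIDR strings into a list of ip_network objects."""
    if spec == "any":
        return [ANY_NET]
    return [ip_network(s, strict=False) for s in spec]


@dataclass(frozen=True)
class Rule:
    name: str
    src: object      # "any" or a tuple of CIDR strings
    dst: object      # "any" or a tuple of CIDR strings
    action: str      # "allow" or "block"

    def matches(self, src_ip, dst_ip):
        s, d = ip_address(src_ip), ip_address(dst_ip)
        return (any(s in n for n in _nets(self.src))
                and any(d in n for n in _nets(self.dst)))


def evaluate(rules, src_ip, dst_ip, default="allow"):
    """First-match evaluation: walk the list top to bottom and stop at the
    first rule that matches; the rules below it are never consulted.
    Returns (action, rule_name)."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule.name
    return default, "default"


def _covered(inner, outer):
    """True if every network in `inner` lies inside some network in `outer`."""
    return all(any(i.subnet_of(o) for o in outer) for i in inner)


def shadowed(rules):
    """Names of rules that can never fire because an earlier rule in the list
    already covers their whole source and destination range. A non-empty
    result means the ordering is wrong."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_covered(_nets(later.src), _nets(earlier.src))
                    and _covered(_nets(later.dst), _nets(earlier.dst))):
                dead.append(later.name)
                break
    return dead


# Constructed sample rules: the two from the question.
BLOCK_ALL = Rule("block-any-any", "any", "any", "block")
ALLOW_APP_TO_DB = Rule("allow-app-to-db",
                       ("10.0.1.10/32",),                   # the one source server
                       ("10.0.2.10/32", "10.0.2.11/32"),    # the destination set
                       "allow")

# The two possible orderings from the question.
BLOCK_FIRST = [BLOCK_ALL, ALLOW_APP_TO_DB]   # rule 1 above rule 2
ALLOW_FIRST = [ALLOW_APP_TO_DB, BLOCK_ALL]   # rule 2 above rule 1


if __name__ == "__main__":
    for label, ruleset in (("block first", BLOCK_FIRST), ("allow first", ALLOW_FIRST)):
        print(f"{label}: app -> db1 = {evaluate(ruleset, '10.0.1.10', '10.0.2.10')}")
        print(f"{label}: app -> other = {evaluate(ruleset, '10.0.1.10', '10.0.3.5')}")
        print(f"{label}: shadowed rules = {shadowed(ruleset)}")
```

With the block rule on top, the allow rule is reported as shadowed and the source server is blocked even to its permitted destinations; with the allow rule on top, only that one path is allowed and everything else falls through to the block. The shadowing check is the practical thing to run before adding each new allow rule: if the new rule shows up in its output, it was placed below the any-to-any block.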