Solved: Re: NSX Firewall Rule Processing

vmmedmed · ‎10-04-2017

Real basic question:

Are rules processed from top down in NSX firewall? That is - suppose

rule no 1 says deny traffic from host 10.10.10.100 to the Internet.

But rule 10 says permit port 80 traffic from host 10.10.10.100 to

Internet host 5.5.5.5. Should the specificity of rule 10 win the

day or is the top position of rule No 1 win the day? Thank you.

grosas · ‎10-04-2017

Yes - top to bottom; only the first match applies to the flow.

_____________________________________
Gabe Rosas (VMware HCX team at VMware)
Blog: hcx.design
LinkedIn: /in/gaberosas
Twitter: gabe_rosas

grosas · ‎10-04-2017

Yes - top to bottom; only the first match applies to the flow.

_____________________________________
Gabe Rosas (VMware HCX team at VMware)
Blog: hcx.design
LinkedIn: /in/gaberosas
Twitter: gabe_rosas

vmmedmed · ‎10-04-2017

Thank you. That appeared to be the case based on the logging that I saw. But wanted to confirm.

NSX Firewall Rule Processing