NSX-T 2.5.0
DFW = NSX-T Distributed Firewall in Simplified UI
The DFW rulebase (rules) is partitioned into Categories (Ethernet, Emergency, Infrastructure, Environment, Application).
Why is that?
What is the purpose?
What is the advantage or usage?
It looks like the separation is only cosmetic folders and it is actually still a linear rulebase read from top to bottom (categories left to right).
As can be seen in the Advanced UI FW resultant rulebase.
Is there any real technical purpose for which the categories have been defined?
Or vice versa, is there any problem, limitation or processing change when you move rules from Infrastructure and Environment to the bottom of the Emergency category?
Note: Why I am looking into this: first, I would like to know the technical background, and second, because of the following issue: PKS Kubernetes Network Policy and NSX-T Firewall rules sequence problem
Configuring the DFW involves planning and designing for use considering best practices. With this in mind VMware came up with a Security Rule Model that helps achieve an optimal micro-segmentation strategy that includes the mentioned categories. This was made to help customers organize their rules in sections so they have an optimized use of the DFW. In the end rules are just sequential, but a good strategy makes better use of the DFW.
This is documented in the Reference Design Guide, available in VMware® NSX-T Reference Design, in section 5.4.
OK.
So I understand the following results:
The strategy is clear, right, usable, logical, ... I use this model as well. And the guide really can help.
Thank you.