VMware Networking Community
neel_mani
Contributor
Contributor
‎10-04-2017 01:14 AM
Jump to solution

NSX installation guidance-Firewall feature only.

Folks,

We are in process to get our NSX feature rolled out to the vCentre.

This includes the firewall feature only.

We are pretty new to this and would like to get some initial guidance on recommended practice.

What I understand is when we do not needed a vSwitch and a vRouter the cluster controllers are not needed, correct?

When we want to roll out a firewall feature only all we need is the NSX manager.

Regards,

N!!

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
Sreec
VMware Employee
VMware Employee
‎10-04-2017 08:25 AM
Jump to solution

For microsegmentation use case we don't need to leverage Controllers/Logical Router/Logical Switches,Edges etc . You can certainly use the feature on vSphere port groups.However Logical switches with DFW is the best combination.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

View solution in original post

0 Kudos
5 Replies
Sreec
VMware Employee
VMware Employee
‎10-04-2017 08:25 AM
Jump to solution

For microsegmentation use case we don't need to leverage Controllers/Logical Router/Logical Switches,Edges etc . You can certainly use the feature on vSphere port groups.However Logical switches with DFW is the best combination.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
amolnjadhav
Enthusiast
Enthusiast
‎10-07-2017 12:47 AM
Jump to solution

Hi Neel_Mani,

  Yeah, you don't need any NSX Component accept NSX Manager but make sure you DFW is not Supported on Standard Switch only DVS.

Regards

Amol

Please consider marking this answer "correct" or "helpful" if you think your query have been answered correctly. Regards Amol Jadhav VCP NSXT | VCP NSXV | VCIX6-NV | VCAP-DCA | CCNA | CCNP - BSCI
0 Kudos
rajeevsrikant
Expert
Expert
‎10-08-2017 05:43 AM
Jump to solution

The below link says that DFW will work in Standard switch but it is not officially supported by VMware.

Let me know if this is right.

NSX & vSphere Standard Switch Compatibility · vrandom

0 Kudos
rajeevsrikant
Expert
Expert
‎10-08-2017 05:58 AM
Jump to solution

Also I found the below.

pastedImage_0.png

Its mentioned that the Applied To can be applied to Legacy Port group - VSS port group

0 Kudos
toroki
Contributor
Contributor
‎10-09-2017 03:26 AM
Jump to solution

It's better to migrate to vDS. Here is the snapshot from the official slide from VMWorld 2017 for the logical recommendation.

pastedImage_0.png

0 Kudos