When I configuring interfaces - I can to setup type of it: internal, uplink and trunk.
When I configuring firewall rules - I can to use different vNIC groups: internal and external.
I think that internal interfaces compiles to internal vNIC group in firewall,
uplink is external vNIC group (is it true??), but whats groups compiles trunk interface and subinterfaces?
On ESG's you can only create firewall rules on internal (downstream) or external (uplink) interfaces.
If you select vNIC Group and then select vse, the rule applies to traffic generated by the NSX Edge. If you select internal or external, the rule applies to traffic coming from any internal or uplink interface of the selected NSX Edge instance. The rule is automatically updated when you configure additional interfaces. Note that firewall rules on internal interfaces do not work for a Logical Router.
For more information please check this Add an NSX Edge Firewall Rule
nachogonzalez, thanks, but I can read the documentation myself.
My question is about trunk interface. How rules "internal" and "external" apply to trunk interface and subinterfaces?
Yacudzer You cannot create any firewall role for Sub interface on Edge as mentioned by VMware "A sub interface cannot be used for HA or Logical Firewall. You can, however, use the IP address of t..." but for trunk you can create a firewall and select from the vNIC Group the interface name you write it when you was configuring the trunk interface in the interface tab.
Firewall vNIC Group Drop menu
This is How you can do. But let me ask you why you want to do this? we can find different solution more easy and more supportable. Share you bussnis requirement or the design you want to go with and lets think all together.
I hope this answer your question and i hope that this become answer or helpful comment for you. also, for More details and more information just follow my blog http://www.syncgates.com.