VMware Networking Community
priscillagr
Enthusiast
Enthusiast
‎10-17-2018 11:31 AM
Jump to solution

Service Composer x Distributed Firewall Rules

Hello!

Between security policies or distributed firewall rules, what would be the recommended one to use? I get the feeling that for repetitive rules such as access to infrastructure services (AD, DNS) it would be better to use Security Policies that can be applied to different Security Groups. But when i think about an Application with distinct requirements it would be better to create the rules in Distributed Firewall, as those rules would only apply to a few VMs.

Should i just choose one way and go for it? What is the recommendation?

Thanks!!

0 Kudos
1 Solution

Accepted Solutions
vLingle
VMware Employee
VMware Employee
‎10-17-2018 06:03 PM
Jump to solution

priscillagr,

If you haven't checked out the VMware NSX Micro-segmentation: Day 1 Guide, it's a great resource.  As a customer (before joining VMware), I found the best bang for your buck is using the DFW with Dynamic Security Groups.  It's an easy transition from traditional ip based objects/groups but gives you all the benefits of using dynamic security groups.  Service composer requires more effort up front but is beneficial when you have a lot of repetitive policies.  A great example of this can be seen here Using NSX Service Composer to create a more elegant ruleset | nsxperts.com.

Hope this Helps!

Please KUDO helpful posts and mark the thread as solved if answered.

Regards,
Jeffrey Lingle

View solution in original post

0 Kudos
2 Replies
vLingle
VMware Employee
VMware Employee
‎10-17-2018 06:03 PM
Jump to solution

priscillagr,

If you haven't checked out the VMware NSX Micro-segmentation: Day 1 Guide, it's a great resource.  As a customer (before joining VMware), I found the best bang for your buck is using the DFW with Dynamic Security Groups.  It's an easy transition from traditional ip based objects/groups but gives you all the benefits of using dynamic security groups.  Service composer requires more effort up front but is beneficial when you have a lot of repetitive policies.  A great example of this can be seen here Using NSX Service Composer to create a more elegant ruleset | nsxperts.com.

Hope this Helps!

Please KUDO helpful posts and mark the thread as solved if answered.

Regards,
Jeffrey Lingle
0 Kudos
priscillagr
Enthusiast
Enthusiast
‎01-25-2019 04:43 AM
Jump to solution

Thank you! It helped me a lot!

0 Kudos