VMware NSX

 View Only

  • 1.  Traffic Steering Firewall Rules

    Posted May 24, 2018 12:16 PM

    Hi,

    Are Network Introspection Traffic Steering rules within a Security Policy dependant on traffic first being permitted by the Firewall Rules for that Policy?

    e.g.

    Firewall Rules:

         Permit ICMP

         Permit HTTP

         Deny All

    Network Introspection

         Redirect SQL

    Is an explicit Permit SQL Firewall Rule needed in order for the redirect to work? or is it redirected regardless?



  • 2.  RE: Traffic Steering Firewall Rules
    Best Answer

    Broadcom Employee
    Posted May 24, 2018 12:54 PM

    You still need a rule to permit the traffic or it will just get dropped as opposed to redirected.  Snippet from the prerequisite portion of the Redirecting Traffic to a Vendor Solution through Logical Firewall​ section of the admin guide:  

    • If the default firewall rule action is set to Block, you must add a rule to allow the traffic to be redirected.


  • 3.  RE: Traffic Steering Firewall Rules

    Posted May 24, 2018 01:00 PM

    Perfect - thank you!