VMware Networking Community
jedijeff
Enthusiast

Universal Firewall rules in NSX v6.35

Hi. We are in a cross-vCenter deployment of NSX v6.35. We are just starting to do microsegmentation. I was under the impression that the firewalls could not sync. However, it appears that even in v6.35 I can have a universal firewall rule which syncs, and universal security tags.

I also read somewhere that you can only have 1 L2 section that can be marked for universal synchronization. However, I see in some VMware documentation you can have multiple sections that you can mark for universal synchronization. Is this true?

So if we create universal security tags, and security groups, and universal firewall rules, does that mean I can vMotion a VM from one site to another (which we can do now) and it will keep the exact same firewall now?

Thanks,

Sreec
VMware Employee

The objects mentioned below are the only supported objects if we are dealing with Universal DFW rules:

pastedImage_0.png

So as long as we are creating the correct firewall rule on the primary NSX Manager and synchronization is working fine, workload mobility with consistent firewall policy (specific to the above snippet) is possible.

Note: Edge Firewall rules are specific to the site if you have plans to leverage the same.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered