Re: NSX-T 3.2 Active Directory based Groups

ggovek · ‎03-16-2023

This is how it works for me:

@ralbertodacu wrote:
I had a similar issue when I was testing the Identity Firewall on my home lab:
- VM A, logged in with a User from my "Allowed Test Group";
- VM B, target VM that I was trying to connect via SSH;
My firewall rules looked similar to yours (AD Group allowed to speak to VM Group where VM B was), however I could not establish a connection.
The only way I could make it work at the time was by explicitly allowing the return traffic. In other words, I had to create another rule that would allow VM B to speak to VM A. You can test it with an "Allow Any Any" rule and, if it works, narrow it down just to the specific traffic you're looking for.

Hope this helps.