I would like to start using NSX-T distributed firewall (dFW) in my VCF 4.5 domains, but won't be using logical routing at this time.
VCF has prepared the nodes, e.g. created transport zone, the uplink and transport node profiles, configured NSX on the nodes, etc.
If I want to start using dFW, but don't care about overlay, do I simply create a segment with a VLAN in NSX Manager and associate it with the transport zone created by VCF? Then binding VMs vNIC to the VDS portgroup so dFW policies and rules are applied.
Or should I create a new VLAN transport zone and associate with hosts in the domain? And then create the segment and bind VM vNICs.
Thanks!
