1 Reply Latest reply on Aug 12, 2019 9:31 PM by DaleCoghlan

    Order NSX Firewall

    santunez2275 Novice

      Hello Guys,

      In a VDI POC, I need to create rules that deny all connections from the VDI desktops to any server except the Domain Controller.

      The rules in the NSX firewall are:

      1.- From VDI to Any - - - Block

      2.- From VDI to AD Server (port groups) - - - Allow

      3.- From AD Server to VDI - - - Allow

      The deny rule is the first in the order, but all connections from VDI to AD are denied.

      When I disable the deny rule, the communication is correct and the desktops are authenticated in the domain.

      I moved the deny rule from 1 to 3, but the error persists when it is enabled.

      Any solutions or recommendations?

      Regards.

      Sebastián

        • 1. Re: Order NSX Firewall
          DaleCoghlan Enthusiast
          VMware Employees

          You can do this simply with the following:

          Rule 1 - VDI to AD Server (Server ports) = Allow

          Default L3 Rule = Block

          If you still cannot log on, you probably also need to add rules for things like DNS (and other required services) above the default deny rule.
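To make the ordering problem concrete, here is an added first-match simulation (not code from the thread or from NSX) of the two rule orders discussed above. The security group names ("VDI", "AD", "DNS", "FILESRV") and the AD port set are constructed placeholders, not values from the post.

```python
from dataclasses import dataclass
from typing import Optional, FrozenSet, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                      # security group name, or "Any"
    dst: str                      # security group name, or "Any"
    ports: Optional[FrozenSet[int]]   # None means any destination port
    action: str                   # "Allow" or "Block"


def matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    """A rule matches when source, destination and port all match ("Any" is a wildcard)."""
    return (rule.src in ("Any", src)
            and rule.dst in ("Any", dst)
            and (rule.ports is None or port in rule.ports))


def evaluate(rules, src: str, dst: str, port: int, default: str = "Block") -> Tuple[str, str]:
    """Top-down, first-match evaluation: the first matching rule decides, so a broad
    Block placed above a narrower Allow shadows it. Returns (rule name, action)."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule.name, rule.action
    return "Default L3 Rule", default


# Constructed sample of ports a domain member needs to reach a DC (assumption, not from the post).
AD_PORTS = frozenset({53, 88, 135, 389, 445, 464, 636, 3268})

# Order from the original post: the Block rule sits above the Allow rule.
POSTED_ORDER = [
    Rule("1 VDI to Any", "VDI", "Any", None, "Block"),
    Rule("2 VDI to AD", "VDI", "AD", AD_PORTS, "Allow"),
    Rule("3 AD to VDI", "AD", "VDI", None, "Allow"),
]

# Order from the reply: only the Allow rule, with the Default L3 Rule set to Block.
SUGGESTED_ORDER = [
    Rule("1 VDI to AD", "VDI", "AD", AD_PORTS, "Allow"),
]


if __name__ == "__main__":
    for order_name, order in (("posted", POSTED_ORDER), ("suggested", SUGGESTED_ORDER)):
        for dst, port in (("AD", 389), ("FILESRV", 445), ("DNS", 53)):
            print(order_name, "VDI ->", dst, port, evaluate(order, "VDI", dst, port))
```

The last case shows the reply's caveat: with the suggested order, a DNS server outside the AD group is still caught by the default Block until a rule for it is added above the default.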