In a VDI POC, I need to create rules that deny all connections from the VDI desktops to any server except the Domain Controller.
The rules in the NSX firewall are:
1. From VDI to Any - Block
2. From VDI to AD Server (port groups) - Allow
3. From AD Server to VDI - Allow
The deny rule is the first in the order, but all connections from the VDI to AD are denied.
When I disable the deny rule, communication is correct and the desktops are authenticated in the domain.
I moved the deny rule from position 1 to 3, but the error persists when it is enabled.
Any solutions or recommendations?
You can do this simply with the following:
Rule 1 - VDI to AD Server (server ports) = Allow
Default L3 Rule = Block
If you still cannot log on, you probably also need to add rules for things like DNS (and other required services) above the default deny rule.
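To make the ordering problem concrete, here is an added example (not code from the original thread and not an NSX tool) that simulates first-match evaluation of an ordered L3 rule set. It encodes the questioner's original order and the answer's order, shows that the broad "VDI to Any - Block" rule shadows the narrower allow rule placed after it, and shows why a DNS allow rule has to sit above the default block when DNS is served by a different host. The subnets, host addresses and rule names are constructed for the demonstration; only the service ports (Kerberos 88, LDAP 389, SMB 445, DNS 53) are real well-known ports. The simulator is stateless and models ordering only.

```python
"""First-match simulation of an ordered L3 firewall rule set (constructed example)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

ANY_NET = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    ports: Optional[frozenset]  # destination ports; None means any port
    action: str                 # "ALLOW" or "BLOCK"

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and (self.ports is None or port in self.ports))

    def covers(self, other: "Rule") -> bool:
        """True if every flow matched by `other` is also matched by this rule."""
        return (other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and (self.ports is None
                     or (other.ports is not None and other.ports <= self.ports)))


def evaluate(rules: List[Rule], src: str, dst: str, port: int) -> Tuple[str, str]:
    """First-match evaluation: the first rule in order decides; no match -> implicit block."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.name
    return "BLOCK", "implicit default"


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (shadowed_rule, earlier_rule) pairs for rules that can never fire."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed addressing for the demo (not from the original post).
VDI_DESKTOPS = ip_network("10.10.0.0/24")
AD_SERVER = ip_network("10.20.0.10/32")
DNS_SERVER = ip_network("10.20.0.53/32")   # DNS on a separate host, to show the answer's caveat
AD_PORTS = frozenset({88, 389, 445})        # Kerberos, LDAP, SMB; trimmed for the demo

# The questioner's ordering: the broad block comes first and shadows rule 2.
ORIGINAL_ORDER = [
    Rule("1 VDI to Any", VDI_DESKTOPS, ANY_NET, None, "BLOCK"),
    Rule("2 VDI to AD Server", VDI_DESKTOPS, AD_SERVER, AD_PORTS, "ALLOW"),
    Rule("3 AD Server to VDI", AD_SERVER, VDI_DESKTOPS, None, "ALLOW"),
]

# The answer's ordering: the specific allow first, then a default block.
ANSWER_ORDER = [
    Rule("1 VDI to AD Server (server ports)", VDI_DESKTOPS, AD_SERVER, AD_PORTS, "ALLOW"),
    Rule("Default L3", ANY_NET, ANY_NET, None, "BLOCK"),
]

# The answer's follow-up: extra services (here DNS) also go above the default block.
ANSWER_ORDER_WITH_DNS = [
    ANSWER_ORDER[0],
    Rule("2 VDI to DNS", VDI_DESKTOPS, DNS_SERVER, frozenset({53}), "ALLOW"),
    ANSWER_ORDER[1],
]

if __name__ == "__main__":
    print("original, Kerberos to DC:", evaluate(ORIGINAL_ORDER, "10.10.0.5", "10.20.0.10", 88))
    print("original, shadowed rules:", shadowed_rules(ORIGINAL_ORDER))
    print("answer, Kerberos to DC:  ", evaluate(ANSWER_ORDER, "10.10.0.5", "10.20.0.10", 88))
    print("answer, RDP to DC:       ", evaluate(ANSWER_ORDER, "10.10.0.5", "10.20.0.10", 3389))
    print("answer, DNS no rule:     ", evaluate(ANSWER_ORDER, "10.10.0.5", "10.20.0.53", 53))
    print("answer + DNS rule:       ", evaluate(ANSWER_ORDER_WITH_DNS, "10.10.0.5", "10.20.0.53", 53))
```

The `shadowed_rules` check is the part worth keeping around: run it over any ordered rule set before publishing, and any allow rule it reports as covered by an earlier block is dead, which is exactly the symptom in the question.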