VMware Networking Community
santunez2275
Enthusiast

Order NSX Firewall

Hello Guys

In a VDI POC, I need to create rules that deny all connections from the VDI desktops to any server except the Domain Controller.

The rules in the NSX firewall are:

1.- From VDI to Any - - - Block

2.- From VDI to AD Server (Ports groups) - - - Allow

3.- From AD Server to VDI - - Allow

The deny rule is the first in the order, but all connections from VDI to AD are denied.

When I disable the deny rule, the communication is correct and the desktops are authenticated in the domain.

I moved the deny rule from position 1 to 3, but the error persists when it is enabled.

Any solutions or recommendations?

Regards.

Sebastián

DaleCoghlan
VMware Employee

You can do this simply with the following:

Rule 1 - VDI to AD Server (Server ports) = Allow

Default L3 Rule = Block

If you still cannot log on, you probably also need to add rules for things like DNS (and other required services) above the default deny rule.

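The difference between the two rule sets comes down to top-down, first-match evaluation: a broad "VDI to Any = Block" placed above the AD allow rule wins for every VDI flow, while a specific allow placed above a default block lets only AD (and, if added, DNS) traffic through. The following added example (not NSX code and not from the thread; the subnets and port numbers are constructed assumptions) simulates that evaluation for both orderings.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample addressing and service ports (assumptions, not from the post).
VDI_NET = ip_network("10.10.0.0/24")
AD_NET = ip_network("10.20.0.0/24")
DNS_NET = ip_network("10.20.1.0/24")
AD_PORTS = {88, 135, 389, 445, 464, 636}   # Kerberos, RPC, LDAP, SMB, kpasswd, LDAPS
DNS_PORTS = {53}
ANY = "any"

@dataclass
class Rule:
    name: str
    src: object      # ip_network or ANY
    dst: object      # ip_network or ANY
    ports: object    # set of destination ports or ANY
    action: str      # "allow" or "block"

def _in(scope, value):
    return scope == ANY or value in scope

def evaluate(rules, src, dst, port):
    """Top-down, first-match evaluation; an unmatched flow hits the default rule."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if _in(r.src, s) and _in(r.dst, d) and _in(r.ports, port):
            return r.name, r.action
    return "Default L3 Rule", "block"

# Ordering from the question: the broad deny sits first, so it shadows rule 2.
posted_order = [
    Rule("1 VDI->Any", VDI_NET, ANY, ANY, "block"),
    Rule("2 VDI->AD", VDI_NET, AD_NET, AD_PORTS, "allow"),
    Rule("3 AD->VDI", AD_NET, VDI_NET, ANY, "allow"),
]

# Ordering from the reply: specific allows above the default block, plus DNS.
recommended_order = [
    Rule("1 VDI->AD", VDI_NET, AD_NET, AD_PORTS, "allow"),
    Rule("2 VDI->DNS", VDI_NET, DNS_NET, DNS_PORTS, "allow"),
]

if __name__ == "__main__":
    for flow in [("10.10.0.5", "10.20.0.10", 389), ("10.10.0.5", "10.30.0.7", 443)]:
        print(flow, evaluate(posted_order, *flow), evaluate(recommended_order, *flow))
```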