Thanks for the reply, I did get this answer from my account rep and his associate who is the NSX expert for the Government \ EDU sector in my area.
However, unfortunately it requires an upgrade to the Enterprise Plus licensing and you are correct that customization is not possible yet. It currently doesn't include amazon.com in the list of pre-defined URLs. Is it just me, or has amazon.com been left out intentionally so that people are nudged toward VMC on AWS?
As mentioned previously, NSX-T does not support URL and VMware advises using IPs for now. We are using IPs so firewall rules continue to work when migrating VMs from on-prem to cloud and back, etc. The URL on-prem is too slow and often delayed.
One way would be to use a scheduled script that could update the IP rule based on the FQDN automatically, using PowerShell or the API directly. You also will not have to worry about DNS issues, and if NSX is unable to resolve, the firewall rule is invalid.
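Added example, not part of any post in this thread: a Python sketch of the resolve-and-merge step such a scheduled script needs, keeping the last known addresses when DNS fails and ageing out addresses that stop appearing. The function names, the `max_age` default and the group payload shape are assumptions for illustration; the actual API call to NSX is left out.

```python
import socket
import time

def resolve_ipv4(fqdn):
    """Return the set of IPv4 addresses the local resolver gives for fqdn."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def refresh(state, fqdn, resolver=resolve_ipv4, now=None, max_age=86400):
    """Merge fresh answers into state {ip: last_seen}; return (new_state, changed).

    A failed or empty lookup keeps the last known addresses, so a DNS outage
    never empties the rule. Addresses not seen for max_age seconds age out,
    which tolerates large sites that rotate their answers between lookups.
    """
    now = time.time() if now is None else now
    try:
        fresh = set(resolver(fqdn))
    except OSError:  # socket.gaierror is a subclass of OSError
        fresh = set()
    if not fresh:
        return dict(state), False
    merged = {ip: ts for ip, ts in state.items() if now - ts <= max_age}
    merged.update({ip: now for ip in fresh})
    # Only push an update to the firewall when the address set really changed.
    return merged, set(merged) != set(state)

def group_payload(state):
    """Body for an IP-based group update (assumed shape; check your NSX API guide)."""
    return {"expression": [{"resource_type": "IPAddressExpression",
                            "ip_addresses": sorted(state)}]}

if __name__ == "__main__":
    # Constructed resolver answers (documentation range), so the demo runs offline.
    answers = iter([{"192.0.2.10", "192.0.2.11"}, {"192.0.2.11", "192.0.2.12"}])
    state = {}
    for tick in (0, 300):
        state, changed = refresh(state, "example.test",
                                 resolver=lambda _f: next(answers), now=tick)
        print(tick, changed, group_payload(state))
```

Persist `state` between scheduled runs (for example in a small JSON file) and send the payload only when `changed` is true.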
Hello A13xxx - you must be referring to this:
I like the idea of shifting to NSX-T, but a scripting server will still need to be used if someone wants amazon.com as a URL in the rules because in the long list of pre-defined URLs VMware has made available for configuration in the NSX-T product, they also deliberately excluded this domain name.
We use NSX-V a lot on-prem and the DFW of NSX-T is still very basic. It's pretty much a battle, and it baffles me why you cannot migrate between them and why there is no universal tag system. I raised many cases and each time I have been told to use IP.
It's still a mission getting the logs out for troubleshooting compared to on-prem NSX.