1 Reply Latest reply on Jun 26, 2020 4:42 AM by NicolasAlauzet

    Blocking users to access Mgmt Network

    SrVMwarer Enthusiast

      Hi gurus,

       

      May this question seem very basic I will re-ask based on the replies!

       

      If I am planning to block non-Admin users from going to my vCenter web GUI let say these users are connected via Distributed Port group should I use the DFW

       

      Source any dest: Cluster and choose Mgmt cluster and then action is block for HTTP/HTTPS or even any service doesn't matter and it would be effective ?

       

      Because I did that in my lab and I still able to connect to my mgmt network, I think I am missing something

       

       

      Thanks in Advance for your help

        • 1. Re: Blocking users to access Mgmt Network
          NicolasAlauzet Hot Shot

          Hey,

           

          ANY > Cluster MGMT > Service > Deny. As you said should work.

           

          Q1: Is your MGMT cluster prepared for NSX? You need to have the DFW module to work.

          Q2: Check your exceptions tab, if your vcenter is in there, the firewall rule wont apply.

           

          Is this like production cluster or is your lab and you want to hide it for peoplo looking at your infra? If is the second option you can use indentity firewall also to only allow your user to access it.

          1 person found this helpful