Blocking users from accessing Mgmt Network

      Hi gurus,

      This question may seem very basic; I will re-ask based on the replies!

      If I am planning to block non-Admin users from going to my vCenter web GUI, let's say these users are connected via a Distributed Port group, should I use the DFW?

      Source any, dest: Cluster and choose Mgmt cluster, and then action is block for HTTP/HTTPS (or even any service, doesn't matter), and it would be effective?

      Because I did that in my lab and I am still able to connect to my mgmt network, I think I am missing something.

      Thanks in advance for your help

          ANY > Cluster MGMT > Service > Deny. As you said, it should work.

          Q1: Is your MGMT cluster prepared for NSX? You need to have the DFW module for it to work.

          Q2: Check your exceptions tab; if your vCenter is in there, the firewall rule won't apply.

          Is this a production cluster, or is it your lab and you want to hide it from people looking at your infra? If it is the second option, you can also use the identity firewall to only allow your user to access it.
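To make the two checks in the reply concrete, here is an added example (not from the original thread and not NSX code) that models how the "ANY > Cluster MGMT > HTTP/HTTPS > Deny" rule is enforced. The model assumes the NSX-v DFW behaviour the reply relies on: the filter sits on the vNIC of every VM whose cluster is NSX-prepared and that is not on the exclusion list, rules are matched top-down with first match winning, and the implicit default rule allows. Cluster names, VM names and the rule itself are constructed for the example. It also shows one case the thread does not spell out: because the DFW enforces at the source vNIC too, excluding vCenter alone does not bypass the rule when the users' cluster is prepared.

```python
"""Constructed model of NSX-v DFW enforcement for a block rule on the
management cluster (added example, not NSX code).

Assumptions (stated in the lead-in): a VM gets a DFW filter only when its
cluster is NSX-prepared and it is not on the exclusion list; rules are
evaluated top-down, first match wins; the default rule allows.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    cluster: str


@dataclass(frozen=True)
class Rule:
    name: str
    source: str          # "any" or a cluster name
    destination: str     # "any" or a cluster name
    services: frozenset  # strings like "tcp/443"; empty set means "any"
    action: str          # "allow" or "block"


def rule_matches(rule, src, dst, service):
    """True when the rule's source, destination and service all match the flow."""
    if rule.source != "any" and rule.source != src.cluster:
        return False
    if rule.destination != "any" and rule.destination != dst.cluster:
        return False
    if rule.services and service not in rule.services:
        return False
    return True


def first_match(rules, src, dst, service):
    """Top-down evaluation; the implicit default rule allows."""
    for rule in rules:
        if rule_matches(rule, src, dst, service):
            return rule.action, rule.name
    return "allow", "default rule"


def evaluate_flow(rules, src, dst, service, prepared_clusters, exclusion_list):
    """Return (verdict, reason) for one flow.

    The DFW filter exists on both vNICs; a block at either end stops the
    flow.  A VM on an unprepared host or on the exclusion list has no
    filter, so it cannot enforce anything.
    """
    enforcing = [vm.name for vm in (src, dst)
                 if vm.cluster in prepared_clusters and vm.name not in exclusion_list]
    if not enforcing:
        return "allow", "no enforcement point: both VMs unprepared or excluded"
    action, name = first_match(rules, src, dst, service)
    if action == "block":
        return "block", f"rule '{name}' enforced at vNIC of {', '.join(enforcing)}"
    return "allow", f"no blocking rule matched at vNIC of {', '.join(enforcing)}"


# Constructed rule set and inventory for the scenarios below.
MGMT_DENY = Rule("ANY > Cluster MGMT > HTTP/HTTPS > Deny",
                 "any", "MGMT", frozenset({"tcp/80", "tcp/443"}), "block")
RULES = [MGMT_DENY]
VCENTER = VM("vcsa-01", "MGMT")          # constructed vCenter appliance VM
USER_VM = VM("user-desktop-01", "COMPUTE")  # constructed non-admin user VM


def scenario_both_prepared():
    """Expected working case: MGMT prepared, nothing excluded -> block."""
    return evaluate_flow(RULES, USER_VM, VCENTER, "tcp/443",
                         prepared_clusters={"MGMT", "COMPUTE"}, exclusion_list=set())


def scenario_vcenter_excluded_compute_unprepared():
    """The reply's Q1 + Q2 combined: no vNIC enforces, so the GUI stays reachable."""
    return evaluate_flow(RULES, USER_VM, VCENTER, "tcp/443",
                         prepared_clusters={"MGMT"}, exclusion_list={"vcsa-01"})


def scenario_vcenter_excluded_compute_prepared():
    """vCenter excluded, but the user's cluster is prepared -> blocked at the source vNIC."""
    return evaluate_flow(RULES, USER_VM, VCENTER, "tcp/443",
                         prepared_clusters={"MGMT", "COMPUTE"}, exclusion_list={"vcsa-01"})


def scenario_other_service():
    """The rule only lists HTTP/HTTPS, so an unlisted service still hits the default allow."""
    return evaluate_flow(RULES, USER_VM, VCENTER, "tcp/22",
                         prepared_clusters={"MGMT", "COMPUTE"}, exclusion_list=set())


if __name__ == "__main__":
    for fn in (scenario_both_prepared, scenario_vcenter_excluded_compute_unprepared,
               scenario_vcenter_excluded_compute_prepared, scenario_other_service):
        print(f"{fn.__name__}: {fn()}")
```

The second scenario reproduces the symptom described in the question: with the vCenter appliance on the exclusion list and the users' cluster not prepared, there is no vNIC on which the DFW can act, so the rule looks correct in the UI yet has no effect. The last scenario is the reason the reply suggests leaving the service column open or using the identity firewall: a deny scoped to HTTP/HTTPS leaves any other port on the management cluster at the default allow.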