NSX | Deny vs Reject

In NSX, when configuring firewall rules on the Edge or in DFW, you might have noticed that there are three options when choosing the action for an incoming or outgoing packet.

  • In DFW, the actions are Allow, Block and Reject
  • In ESG, the actions are Accept, Deny and Reject

The Reject action sends the following responses:

  • RST packet for TCP Connection
  • ICMP unreachable with network administratively prohibited code

The Deny action silently drops packets from or to the specified source and destination, so the sender gets no response. For example, the sender sees RTO (request timed out).
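To check from a client which action a rule is applying, the following added example (not part of the original post) attempts a TCP connection and classifies the outcome. The function names and result labels are hypothetical, and the errno mapping assumes typical OS socket behaviour, where an ICMP unreachable surfaces as ENETUNREACH or EHOSTUNREACH.

```python
import errno
import socket

# Result labels are illustrative, not NSX terminology.
ALLOW = "allow"              # three-way handshake completed
REJECT_RST = "reject-rst"    # a TCP RST came back
REJECT_ICMP = "reject-icmp"  # an ICMP unreachable came back
DROP = "drop"                # nothing came back (Deny/Block)
UNKNOWN = "unknown"


def classify_error(exc):
    """Map a connect() failure to the firewall action it is consistent with."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return DROP
    if isinstance(exc, ConnectionRefusedError):
        return REJECT_RST
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH,
                                                  errno.EHOSTUNREACH):
        return REJECT_ICMP
    return UNKNOWN


def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connection and report how the path answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return ALLOW
    except OSError as exc:
        return classify_error(exc)


if __name__ == "__main__":
    # Constructed sample target: a listener on loopback, then the same
    # port after the listener is closed (the OS answers with RST).
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe_tcp("127.0.0.1", port, 1.0))
    srv.close()
    print(port, probe_tcp("127.0.0.1", port, 1.0))
```

A result is only consistent with an action, not proof of it: a closed port on the destination also answers with RST, and a routing problem can also produce an unreachable or a timeout, so confirm against the rule hit counters or firewall logs.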

