NSX-T | Micro-Segmentation

Hello Guys,

Hope you are doing well wherever you are and I pray for everyone's life. Stay Home & Stay Safe!

As promised, this post covers micro-segmentation, that is, the DFW (Distributed Firewall), in NSX-T. It is aimed at readers who already know how to configure it in NSX-V. If you want to understand DFW in detail, click here.

First of all, let's understand the Connectivity Strategy in NSX-T.

1. Blacklist (with or without logging) - This is the default option, which creates an allow-all rule in DFW. It also means that micro-segmentation is off.
2. Whitelist (with or without logging) - This creates a deny-all rule in DFW. To allow any traffic, we have to create allow rules. It blocks DHCP traffic as well unless an allow rule permits it.
3. None - This option disables both blacklisting and whitelisting of firewall rules. It is useful when you have already applied rules from an older version of NSX-T.

NSX-V did not have these terms, but its default rule was allow-all.
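A simplified model of the three connectivity strategies, added here as an example and not taken from NSX-T or the original post: it reports which required flows a rule set leaves blocked, showing DHCP being dropped under Whitelist until an explicit allow rule exists. The rule fields, rule names and sample flows are assumptions for illustration, not NSX-T API objects.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    dst_ports: frozenset   # empty set means any destination port
    action: str            # "ALLOW" or "DROP"

    def matches(self, proto: str, dst_port: int) -> bool:
        return (self.proto in (None, proto)
                and (not self.dst_ports or dst_port in self.dst_ports))

# Default rule that each connectivity strategy creates, per the list above.
# "NONE" creates no default rule, so the model reports the flow as undecided.
DEFAULT_ACTION = {"BLACKLIST": "ALLOW", "WHITELIST": "DROP", "NONE": None}

def evaluate(rules, strategy, proto, dst_port):
    """Top-down, first match wins; unmatched flows hit the strategy default."""
    for rule in rules:
        if rule.matches(proto, dst_port):
            return rule.action, rule.name
    return DEFAULT_ACTION[strategy], "strategy default"

def not_allowed(rules, strategy, required):
    """Names of required flows that would not be allowed under this rule set."""
    return [name for name, (proto, port) in required.items()
            if evaluate(rules, strategy, proto, port)[0] != "ALLOW"]

# Constructed sample data: flows the workloads need, and the allow rules so far.
REQUIRED = {"https": ("tcp", 443), "dns": ("udp", 53), "dhcp": ("udp", 67)}
RULES = [Rule("allow-web", "tcp", frozenset({443}), "ALLOW"),
         Rule("allow-dns", "udp", frozenset({53}), "ALLOW")]
ALLOW_DHCP = Rule("allow-dhcp", "udp", frozenset({67, 68}), "ALLOW")

if __name__ == "__main__":
    for strategy in ("BLACKLIST", "WHITELIST"):
        print(strategy, "blocks:", not_allowed(RULES, strategy, REQUIRED))
    print("WHITELIST + allow-dhcp blocks:",
          not_allowed(RULES + [ALLOW_DHCP], "WHITELIST", REQUIRED))
```

Running the same check against the list of flows your workloads depend on before switching from Blacklist to Whitelist shows which allow rules are still missing.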

In the video below, we are going to explore DFW rules in NSX-T.

Now that we know about the connectivity strategy, let's dig into the DFW rules.

Please go through the video below.

Feel free to ask any questions here.

Thank you,

