VMware NSX-T Distributed Firewall \\ Everything you need to know but were scared to ask.
- Published: Oct 26, 2024
- This is a lecture and demo of the NSX-T / NSX Distributed Firewall. We will discuss the security features of the VMware Distributed Firewall. The demo will cover creating a firewall rule, validating that the rule works, and examining the firewall's filters.
We will also take a look at the NSX-T / NSX Traceflow tool and how it can be used to validate NSX firewall rules.
The lecture portion will also cover the various components that make up the Distributed Firewall, a quick discussion of the Service-defined Firewall, and what NSX micro-segmentation is and its advantages.
Thanks Stephen...I knew 3 mins in.. you were the right source for my doubts on nsxt firewall...
Thanks so much. More videos to come. Have a good one.
Just the video I was looking for to understand distributed firewall in NSX.
Solid Work. Thanks.
Glad it helped! Have a great day
Really great DFW information, especially the "hidden knowledge" you gave. Really appreciate it.
My pleasure! You have a great day and thanks for watching.
This is the best I’ve seen. Great job.
Glad you liked it! Have a great day
Hello Stephen, Great Video! One thing to clarify why the SSH deny rule applied to AppVM which is a different IP. I understand the Applied to field - DFW will apply to all VMs, but here Source is Web and Destination is DB.
The default behavior is to apply the DFW rules to all vNICs on all VMs. Imagine a physical F/W. All traffic will go through it no matter what. The DFW allows us to be specific. So unless the rule applies to everyone, make sure you modify the Applied To field for the groups the rule is intended for. Have a good one.
Nicely explained and the best one
Thanks a lot 😊 You have a good one.
You are great, thanks for the great video. The explanation of NSX DFW part working on NSX segment only was something very confusing to me
Glad it helped! You have a great day...
very nice lecture!
Glad you liked it! Have a good one. More to come.
Great Great Great Stuff. Hats off to you.
Thanks a lot! Really appreciate the comment. Have a great day.
Well done Stephen, very understandable! Is there any of your videos where you explain also the use of Service Interface for Tier1 and Tier0 ?
Not yet, but I more than likely can put one together over the next week or so. See what I can do.
Decided that it may be some time before I put together a video on a Service Interface. The quick answer is: it allows me to have a VLAN-backed segment connect to my T1 or T0 gateway. Maybe you have overlay segments using your T1 G/W for first-hop routing, but you have a physical VLAN that you want to do the same with. Now your physical machines can use the T1 as their first-hop router (not a popular use case). There are some other uses that VMware partners can use it for as well, i.e. firewall redirection, malware redirection and so on. Hope this helps. Have a good one.
@TechUnGlued No problem. Take your time. For now, many thanks.
Meanwhile I'll watch all the other videos you made. Keep it up!
Thank you. Great Stuff
Glad you enjoyed it! Have a good one.
Great channel, Steve, so informative.
Keep it up 👍
It would be great if you add stuff related to best practices for micro segmentation
Subscribed and big like
Thanks so much. Great idea. I will put one together soon. Have a great day.
Stephen, can you also cover the Distributed Identity Firewall with NSX-T in detail in another video?
I will add it to the list. Have a good one.
Brilliant Explanation !
Glad you liked it! Have a good one.
Nice explanation, thank you Steve :)
You are welcome! Have a great day
Very good explanation
Thanks very much. Have a great day
There is an option in the rule settings for Direction (In, Out, In-Out). Is this for logging, so that it captures only incoming traffic if we select In, outgoing if we select Out, and both if we select In-Out? Or does it define the data flows? For example, if we select In-Out, will it enable bidirectional traffic?
This is for logging from the view of the destination. "In" will only log inbound traffic, "Out" will log only outbound traffic and "In-Out" will log both. Have a great day and thanks for watching.
Wow man, I cannot thank you enough for your explanations and examples and the testing, I guess it's beneficial to you, but I enjoyed watching you throughout the whole video, keep the show on
Thank you very much! Really enjoy doing this. Still waiting to get monetized by YouTube, but still enjoy doing this stuff. Thanks for watching. Have a good one.
@TechUnGlued You are definitely worth more than what YouTube is giving.
Hi, great video and explanation. About the "Applied To" field: if I have a rule that consists of SOURCE: a group combining VMs and IP addresses, DST: a group of VMs only, and in the "Applied To" field I configured both groups, do the source VMs get the rule in their vNIC firewall? NSX-T version 3.2.1.
Hi, thanks for watching. Good question. The VMs in both the Source and Destination groups would get the rules. Hope this helps and have a great day.
Nice Video Subscribed
Thanks for the sub! Have a great day
Wonderful :)
Thank you! Cheers!
❤ thanks bro
Any time
If you have DFW rules, do you need to have a rule which allows TEP communication between the transport nodes?
Excellent question. The DFW rules only apply to VMs and not the hosts. Have a good one.
@TechUnGlued great content chap ❤️
@TechUnGlued I assume that's the same for RTEP.
@superstanmanrichards8391 You are correct.
Thank you ❤
You're welcome 😊