1. Articles
  2. Hosted Private Cloud
  3. Hosted Private Cloud powered by VMware
  4. VMware NSX

Articles in this section

See more

Gateway Firewall Management in NSX

Avatar
Stephanie Richards
  • Updated
Follow

Gateway Firewall allows filtering between internal segments and the network outside the incoming or outgoing cluster.

It works on the North-South (Tier-0 Gateways) and East-West (Tier-1 Gateways) gateways if the source or destination is not inside the cluster.

If you want to create filtering rules between internal segments, you will need to use distributed firewall using our guide on distributed firewall management.

Learn how to manage gateway firewalls.

Requirements

Instructions

We will create a strategy to improve the visibility and administration of rules based on their usefulness.

Next, we will add a rule within our strategy that blocks access to the entire external network of a cluster from a group that contains a segment (you can use our Distributed Firewall Management guide to create groups) and any for the destination.

Go to the Security tab, select Gateway Firewall and click + ADD POLICY.

gatewayfirewall01.jpeg

 

Select ovh-T0-gw to the right of Gateway.

  • Name your policy my policy below the Name column.
  • Click the three vertical dots to the left of your policy.

gatewayfirewall02.jpeg

 

Click Add Rule in the menu.

gatewayfirewall03.jpeg

 

Name your rule block segment1 to any below the Name column.

gatewayfirewall04.jpeg

 

Click on the pen to the right of "Any" in the Source column.

gatewayfirewall05.jpeg

 

Stay in the Groups tab, select the g-segment01 group and click APPLY.

gatewayfirewall06.jpeg

 

Choose Drop under the Action column and click PUBLISH.

gatewayfirewall07.jpeg

Your rule is active on the ovh-T0-gw gateway, it blocks all outgoing traffic from members of the g-segment01 group.

Conclusion

Having read this guide, you should be able to create a strategy to improve the administration of rules based on their usefulness as well as add a rule within that strategy that blocks access to the entire external network of a cluster from a group that contains a segment and any for the destination.

Related articles