How DFW rules are enforced:
DFW rules are enforced in top-to-bottom order. A packet is checked against the top rule in the rule table first, then against each subsequent rule in turn. The first rule that matches the traffic parameters is enforced and evaluation stops there; traffic that matches no rule falls through to the default rule at the bottom of the table. (The DFW is stateful, so this lookup is done on the first packet of a flow; return packets of an already-permitted flow are matched by the connection table rather than by walking the rules again.) Because of this behaviour, when writing DFW rules, always put the most granular (most specific) policies at the top of the rule table. This is the best way to ensure they are enforced before any other rule: a broader rule placed above a specific one matches the same traffic first, and the specific rule is never hit.
Step 1:
Double-click the NSX plugin and select Firewall on the left side. Click the green plus sign to add a rule. A rule needs a name, one or more services to allow, block or reject, a source and a destination. In this case, the rule is called "Reject Ping".
Step 2:
Next, select the source. The source can be a cluster, a VM, a vNIC, and so on.
Step 3:
Select the destination. In this case another VM is selected.
Step 4:
Select the service to allow, block or reject. For a ping rule this is an ICMP service.
Step 5:
Select the action and direction. In this case, Reject was chosen for both directions (In/Out). Note the difference between Block and Reject: Block silently drops the packet, while Reject also sends a response back to the source (a TCP RST for TCP, an ICMP unreachable message for UDP, ICMP and other IP traffic), so the sender fails immediately instead of waiting for a timeout.
Step 6:
Once all the fields are populated, don't forget to Publish the changes. A rule that is saved but not published is not enforced.
Step 7:
Test the rule. The ping from this VM is rejected by the firewall, and because the action is Reject rather than Block it fails immediately rather than timing out. If the ping still succeeds, check that the changes were published and that no broader Allow rule higher in the table is matching the traffic first.
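To make the top-to-bottom, first-match behaviour from the opening section concrete, and to show why the "Reject Ping" rule built in the steps above must sit above any broader ICMP rule, here is a small first-match evaluator. It is an added example written for this page, not NSX code, and it does not talk to NSX: the rule fields, the object names (vm-web01, vm-db01, vm-app01), the service labels and the default-rule action are constructed to mirror the fields filled in during the steps. The evaluator also flags rules that can never be hit because an earlier rule already covers everything they would match.

```python
"""First-match rule-table evaluator illustrating NSX DFW ordering.

Added example; not NSX code. Object ids, rules and packets are constructed.
"""
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # object id such as "vm-web01", or ANY
    destination: str   # object id, or ANY
    service: str       # e.g. "ICMP", "TCP/22", or ANY
    action: str        # "allow" | "block" | "reject"
    direction: str = "inout"   # "in" | "out" | "inout"


@dataclass(frozen=True)
class Packet:
    source: str
    destination: str
    service: str
    direction: str     # "in" or "out" relative to the vNIC the rule is applied to


def _field_covers(rule_value, pkt_value):
    # ANY in the rule matches every value; otherwise exact object match.
    return rule_value == ANY or rule_value == pkt_value


def _matches(rule, pkt):
    return (_field_covers(rule.source, pkt.source)
            and _field_covers(rule.destination, pkt.destination)
            and _field_covers(rule.service, pkt.service)
            and rule.direction in ("inout", pkt.direction))


def evaluate(rules, pkt, default_action="allow"):
    """Walk the table top to bottom; the first matching rule wins.

    Returns (rule name, action). Traffic matching nothing hits the
    default rule at the bottom (assumed here to be Allow, as NSX ships it).
    """
    for rule in rules:
        if _matches(rule, pkt):
            return rule.name, rule.action
    return "Default Rule", default_action


def _covers(broad, narrow):
    # True if every packet 'narrow' could match is also matched by 'broad'.
    return (all(b == ANY or b == n for b, n in (
                (broad.source, narrow.source),
                (broad.destination, narrow.destination),
                (broad.service, narrow.service)))
            and broad.direction in ("inout", narrow.direction))


def shadowed_rules(rules):
    """Names of rules that can never be enforced because a rule above
    them already matches everything they would match."""
    return [r.name for i, r in enumerate(rules)
            if any(_covers(earlier, r) for earlier in rules[:i])]


# The rule from the steps above: Reject ICMP from one VM to another, In/Out.
REJECT_PING = Rule("Reject Ping", "vm-web01", "vm-db01", "ICMP", "reject", "inout")
# A broad permit that an administrator might already have in the table.
ALLOW_ICMP = Rule("Allow ICMP", ANY, ANY, "ICMP", "allow")

WRONG_ORDER = [ALLOW_ICMP, REJECT_PING]   # broad rule above the specific one
RIGHT_ORDER = [REJECT_PING, ALLOW_ICMP]   # granular rule on top, as recommended

PING = Packet("vm-web01", "vm-db01", "ICMP", "out")   # the ping from Step 7


def demo():
    return {
        "wrong_order": evaluate(WRONG_ORDER, PING),
        "right_order": evaluate(RIGHT_ORDER, PING),
        "shadowed_in_wrong_order": shadowed_rules(WRONG_ORDER),
        "shadowed_in_right_order": shadowed_rules(RIGHT_ORDER),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the broad Allow ICMP rule above it, "Reject Ping" is reported as shadowed and the ping is allowed; with the rules in the recommended order the reject is enforced, while ping to any other VM still falls through to the broad allow. Running `shadowed_rules` over an exported table is a cheap sanity check before publishing.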