Complete the following procedure to direct
traffic to your VM-Series firewall. For North-South traffic, redirection
rules are stateless by default and cannot be changed. Additionally,
NSX-T automatically creates a corresponding reflexive rule for return
traffic.
When you deploy the VM-Series firewall for NSX-T North-South in HA mode, you must create a traffic redirection rule for both HA peers. Additionally, you must create the redirection rule for the active peer first and the passive peer second.
The reflexive rule does not appear in the NSX-T web interface.
Log in to NSX-T Manager.
Verify that you are in Policy mode.
Select Security > North South Security > Network Introspection (N-S).
Click Add Policy.
Enter a descriptive Name for your policy.
Select a VM-Series firewall service instance from the Redirect To drop-down. NSX-T Manager will automatically populate the Applied To field based on the service instance you select.
Select your newly created policy.
Click Add Rule.
If your NSX-T environment has Edge Nodes in active-standby
HA, you must create a redirect rule for each Edge Node. NSX-T does
not automatically apply a redirect rule to the standby node in the
event of a failover.
Click on the Name field and enter a descriptive name for the rule.
By default, the source is set to Any. Complete the following
steps to specify a different source.
Click on the edit button in the Source column.
Select the group or groups to set as the Source or click Add Group to create a new group.
Click Apply.
By default, the destination is set to Any. Complete the
following steps to specify a different destination.
Click on the edit button in the Destination column.
Select the group or groups to set as the Destination or click Add Group to create a new group.
Click Apply.
By default, Any service is redirected to the firewall.
Complete the following steps to specify certain services and protocols.
Click on the edit button in the Services column.
Select the group or groups to set as the Service or click Add Service to create a new service.
Click Apply.
Select Redirect from the Action drop-down to send traffic to your VM-Series firewall.
Enable the rule. NSX-T Manager publishes the redirection rule you just created and automatically creates a reflexive rule for return traffic. The reflexive rule does not appear in the NSX-T Manager web interface.
If your VM-Series firewalls are deployed in HA, create
another rule for the passive HA peer.
If return traffic is not directed to the VM-Series
firewall, manually configure a traffic redirection rule for return
traffic.