1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on VMware NSX
    5. Set Up the VM-Series Firewall on VMware NSX-T (North-South)
    6. Deploy the VM-Series Firewall on NSX-T (North-South)
    7. Direct Traffic to the VM-Series Firewall

    Direct Traffic to the VM-Series Firewall

    Complete the following procedure to direct traffic to your VM-Series firewall. For North-South traffic, redirection rules are stateless by default and cannot be changed. Additionally, NSX-T automatically creates a corresponding reflexive rule for return traffic.
    When you deploy the VM-Series firewall for NSX-T North-South in HA mode, you must create a traffic redirection rule for both HA peers. Additionally, you must create the redirection rule for active peer first and the passive peer second.
    The reflexive rule does not appear in the NSX-T web interface.
    1. Log in to NSX-T Manager.
    2. Verify that your are in
      Policy
       mode.
    3. Select
      Security
      North South Security
      Network Introspection (N-S)
      .
    4. Click
      Add Policy
      .
    5. Enter a descriptive
      Name
       for your policy.
    6. Select a VM-Series firewall service instance from the
      Redirect To
       drop-down. NSX-T Manager will automatically populate the
      Applied To
       field based on the service instance you select.
    7. Select your newly created policy.
    8. Click
      Add Rule
      .
      If your NSX-T environment has Edge Nodes in active-standby HA, you must create a redirect rule for each Edge Node. NSX-T does not automatically apply a redirect rule to the standby node in the event of a failover.
    9. Click on the
      Name
       field and enter a descriptive name for the rule.
    10. By default, the source is set to Any. Complete the following steps to specify a different source.
      1. Click on the edit button in the
        Source
         column.
      2. Select the group or groups to set as the Source or click Add Group to create a new group.
      3. Click
        Apply
        .
    11. By default, the destination is set to Any. Complete the following steps to specify a different destination.
      1. Click on the edit button in the
        Destination
         column.
      2. Select the group or groups to set as the Destination or click Add Group to create a new group.
      3. Click
        Apply
        .
    12. By default, Any service is redirected to the firewall. Complete the following steps to specify certain services and protocols.
      1. Click on the edit button in the
        Services
         column.
      2. Select the group or groups to set as the Service or click Add Service to create a new service.
      3. Click
        Apply
        .
    13. Select
      Redirect
       from the
      Action
       drop-down to send traffic to your VM-Series firewall.
    14. Enable
       the rule. NSX-T Manager publishes the redirection rule you just created and automatically creates a reflexive rule for return traffic. The reflexive rule does not appear in the NSX-T Manager web interface.
    15. If your VM-Series firewalls are deployed in HA, create another rule for the passive HA peer.
      If return traffic is not directed to the VM-Series firewall, manually configure a traffic redirection rule for return traffic.

    Recommended For You

    Recommended Videos

    Recommended videos not found.