Direct Traffic to the VM-Series Firewall

Complete the following procedure to direct traffic to your VM-Series firewall. For North-South traffic, redirection rules are stateless by default and cannot be changed. Additionally, NSX-T automatically creates a corresponding reflexive rule for return traffic.
When you deploy the VM-Series firewall for NSX-T North-South in HA mode, you must create a traffic redirection rule for both HA peers. Additionally, you must create the redirection rule for the active peer first and the passive peer second.
The reflexive rule does not appear in the NSX-T web interface.
  1. Log in to NSX-T Manager.
  2. Verify that you are in Policy mode.
  3. Select Security > North South Security > Network Introspection (N-S).
  4. Click Add Policy.
  5. Enter a descriptive Name for your policy.
  6. Select a VM-Series firewall service instance from the Redirect To drop-down. NSX-T Manager will automatically populate the Applied To field based on the service instance you select.
  7. Select your newly created policy.
  8. Click Add Rule.
    If your NSX-T environment has Edge Nodes in active-standby HA, you must create a redirect rule for each Edge Node. NSX-T does not automatically apply a redirect rule to the standby node in the event of a failover.
  9. Click on the Name field and enter a descriptive name for the rule.
  10. By default, the source is set to Any. Complete the following steps to specify a different source.
    1. Click on the edit button in the Source column.
    2. Select the group or groups to set as the Source or click Add Group to create a new group.
    3. Click Apply.
  11. By default, the destination is set to Any. Complete the following steps to specify a different destination.
    1. Click on the edit button in the Destination column.
    2. Select the group or groups to set as the Destination or click Add Group to create a new group.
    3. Click Apply.
  12. By default, Any service is redirected to the firewall. Complete the following steps to specify certain services and protocols.
    1. Click on the edit button in the Services column.
    2. Select the group or groups to set as the Service or click Add Service to create a new service.
    3. Click Apply.
  13. Select Redirect from the Action drop-down to send traffic to your VM-Series firewall.
  14. Enable the rule. NSX-T Manager publishes the redirection rule you just created and automatically creates a reflexive rule for return traffic. The reflexive rule does not appear in the NSX-T Manager web interface.
  15. If your VM-Series firewalls are deployed in HA, create another rule for the passive HA peer.
    If return traffic is not directed to the VM-Series firewall, manually configure a traffic redirection rule for return traffic.
