Do not apply the traffic redirection policies
unless you understand how rules work on the NSX-V Manager as well
as on the VM-Series firewall and Panorama. The default policy on
the VM-Series firewall is set to deny all traffic, which means that
all traffic redirected to the VM-Series firewall will be dropped.
To create policies on Panorama and push them to the VM-Series firewall,
Security Policies to the VM-Series Firewall.
Add a rule
Add a network introspection service.
and click the green plus icon.
the network introspection
service and add a
Redirect to Service
Select your service definition under Service Name.
Select your service profile under Profile.
By default, traffic source is set to Policy’s Security Groups. This
option dynamically includes all security groups where this policy
is applied. Alternatively, you can choose to have traffic from any
source redirected to the firewall or specify certain security groups.
However, vSphere requires that Source or Destination (or both)
be set to Policy’s Security Groups. If you select Any or specific security
groups for Destination, then Source must be set to Policy’s Security
(Optional) Select specific network services to be
redirected to the firewall. If you select one or more services,
no other traffic is redirected to the firewall.
Repeat steps 1 through 6 to add additional network
to save your configuration.
Apply redirection policy to security groups.
Highlight a security policy by clicking
Networking and Security
click Apply Security Policy (
Apply the redirection rules by checking all appropriate