1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up a VM-Series NSX Edition Firewall
    5. Steer Traffic from Guests that are not Running VMware Tools
    Previous
    Next
    VMware Tools contains a utility that allows the NSX Manager to collect the IP address(es) of each guest running in the cluster. NSX Manager uses the IP address as a match criterion to steer traffic to the VM-Series firewall. If you do not have VMware tools installed on each guest, the IP address(es) of the guest is unavailable to the NSX Manager and traffic cannot be steered to the VM-Series firewall.
    The following steps allow you to manually provision guests without VMware Tools so that traffic from each of these guests can be managed by the VM-Series firewall.
    Steer Traffic from Guests that are not Running VMware Tools
    Create an IP set that includes the guests that need to be secured by the VM-Series firewall. This IP set will be used as the source or destination object in an NSX distributed firewall rule in Step 2 below. Select NSX Managers > Manage > Grouping Objects > IP Sets. Click Add and enter the IP address of each guest that does not have VMware tools installed, and needs to be secured by the VM-Series firewall. Use commas to separate individual IP addresses; IP ranges or subnets are not valid.
    Attach the IP sets to the Security Groups on NSX, to enforce policy. Select Networking and Security > Service Composer > Security Groups. Select Select objects to includ e > IP Sets, add the IP set object to include.
    Previous
    Next

    Related Documentation

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo