Create Steering Rules on NSX Manager

Do not apply the traffic redirection policies unless you understand how rules work on the NSX Manager as well as on the VM-Series firewall and Panorama. The default policy on the VM-Series firewall is set to deny all traffic, which means that all traffic redirected to the VM-Series firewall will be dropped. To create policies on Panorama and push them to the VM-Series firewall, see Apply Security Policies to the VM-Series Firewall.
  1. Select Networking and Security > Service Composer > Security Policies and click Create Security Policy.
  2. Add a rule Name.
  3. Add a network introspection service.
    1. Select Network Introspection Service and click the green plus icon.
    2. Name the network introspection service and add a Description.
    3. Select Redirect to Service under Action.
    4. Select your service definition under Service Name.
    5. Select your service profile under Profile.
    6. Select a Source and a Destination. By default, the traffic source is set to Policy’s Security Groups. This option dynamically includes all security groups where this policy is applied. Alternatively, you can choose to have traffic from any source redirected to the firewall or specify certain security groups. However, vSphere requires that Source or Destination (or both) be set to Policy’s Security Group. If you select Any or specific security groups for Destination, then Source must be set to Policy’s Security Group.
    7. (Optional) Select specific network services to be redirected to the firewall. If you select one or more services, all other traffic will not be redirected to the firewall.
    8. Click OK.
    9. Repeat steps 1 through 6 to add additional network introspection services.
    10. Click Finish to save your configuration.
  4. Apply redirection policy to security groups.
    1. Highlight a security policy by clicking it.
    2. Select Networking and Security > Service Composer > Security Policies and click Apply Security Policy.
    3. Apply the redirection rules by checking all appropriate zones.
    4. Click OK.
