Create Steering Rules on NSX-V Manager

Do not apply the traffic redirection policies unless you understand how rules work on the NSX-V Manager as well as on the VM-Series firewall and Panorama. The default policy on the VM-Series firewall is set to deny all traffic, which means that all traffic redirected to the VM-Series firewall will be dropped. To create policies on Panorama and push them to the VM-Series firewall, see Apply Security Policies to the VM-Series Firewall.
  1. Select Networking and Security > Service Composer > Security Policies and click Create Security Policy.
  2. Add a rule Name.
  3. Add a network introspection service.
    1. Select Network Introspection Service and click the green plus icon.
    2. Name the network introspection service and add a Description.
    3. Select Redirect to Service under Action.
    4. Select your service definition under Service Name.
    5. Select your service profile under Profile.
    6. Select a Source and a Destination. By default, the traffic source is set to Policy’s Security Groups. This option dynamically includes all security groups where this policy is applied. Alternatively, you can choose to have traffic from any source redirected to the firewall or specify certain security groups. However, vSphere requires that Source or Destination (or both) be set to Policy’s Security Groups. If you select Any or specific security groups for Destination, then Source must be set to Policy’s Security Groups.
    7. (Optional) Select specific network services to be redirected to the firewall. If you choose a service or services, all other traffic will not be redirected to the firewall.
    8. Click OK.
    9. Repeat steps 1 through 6 to add additional network introspection services.
    10. Click Finish to save your configuration.
  4. Apply redirection policy to security groups.
    1. Highlight a security policy by clicking it.
    2. Select Networking and Security > Service Composer > Security Policies and click Apply Security Policy.
    3. Apply the redirection rules by checking all appropriate zones.
    4. Click OK.
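
The following added example (not part of the original documentation and not VMware or Palo Alto Networks code) models planned steering rules offline to find flows that would bypass the firewall, either because a rule breaks the Source/Destination requirement in step 6 or because step 7 limits redirection to selected services. The class, function, group, and service names are hypothetical, and the matching logic is a simplified assumption rather than the NSX-V implementation.

```python
from dataclasses import dataclass

PSG = "Policy's Security Groups"  # resolves to the groups the policy is applied to
ANY = "Any"

@dataclass(frozen=True)
class SteeringRule:
    name: str
    source: object = PSG                # PSG, ANY, or a frozenset of group names
    destination: object = ANY           # PSG, ANY, or a frozenset of group names
    services: frozenset = frozenset()   # empty means all services are redirected

def validate(rule):
    """Return the problems found in one planned rule (empty list if none)."""
    problems = []
    # Step 6: Source or Destination (or both) must be Policy's Security Groups.
    if rule.source != PSG and rule.destination != PSG:
        problems.append(f"{rule.name}: Source or Destination must be {PSG}")
    return problems

def _side_matches(side, group, applied_to):
    if side == ANY:
        return True
    if side == PSG:
        return group in applied_to
    return group in side

def redirected(rule, applied_to, flow):
    """True if the flow (src_group, dst_group, service) matches the rule."""
    src, dst, service = flow
    return (_side_matches(rule.source, src, applied_to)
            and _side_matches(rule.destination, dst, applied_to)
            # Step 7: once services are selected, other traffic is not redirected.
            and (not rule.services or service in rule.services))

def bypassing(rules, applied_to, flows):
    """Flows that no valid rule redirects to the firewall."""
    valid = [r for r in rules if not validate(r)]
    return [f for f in flows
            if not any(redirected(r, applied_to, f) for r in valid)]

# Constructed sample data: a policy applied to one security group.
APPLIED_TO = {"web-sg"}
RULES = [
    SteeringRule("web-out", PSG, ANY, frozenset({"HTTP", "HTTPS"})),
    SteeringRule("db-to-app", frozenset({"db-sg"}), frozenset({"app-sg"})),
]
FLOWS = [("web-sg", "app-sg", "HTTPS"),
         ("web-sg", "app-sg", "SSH"),
         ("db-sg", "app-sg", "MySQL")]

if __name__ == "__main__":
    for rule in RULES:
        print(validate(rule))
    print(bypassing(RULES, APPLIED_TO, FLOWS))
```

Flows reported by `bypassing` are never inspected by the VM-Series firewall, so review them before relying on the redirection policy for segmentation.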
