Direct Traffic to the VM-Series Firewall

Complete the following procedure to direct traffic to your VM-Series firewall. For North-South traffic, redirection rules are stateless by default and cannot be changed. Additionally, NSX-T automatically creates a corresponding reflexive rule for return traffic.
The reflexive rule does not appear in the NSX-T web interface.
  1. Log in to NSX-T Manager.
  2. Select Advanced Networking & Security > Partner Services > Service Instances.
  3. Select your service instance and click Traffic Redirection.
  4. Click the first default redirection rule.
  5. Click Add Section and select Add Section Above from the drop-down.
  6. Enter a descriptive Section Name.
  7. Click OK.
  8. Select your newly created section.
  9. Click Add Rule.
    If your NSX-T environment has Edge Nodes in active-standby HA, you must create a redirect rule for each Edge Node. NSX-T does not automatically apply a redirect rule to the standby node in the event of a failover.
  10. Click on the Name field and enter a descriptive name for the rule.
  11. By default, the source is set to Any. Complete the following steps to specify a different source.
    1. Click on the edit button in the source column and click Edit Rule Source/Extended Source.
    2. To specify container objects, click Container Objects.
      1. Select an Object Type from the drop-down.
      2. Select objects from Available Objects.
      3. Move the selected objects to the Selected Objects column.
    3. To specify IP addresses, click IP Addresses.
      1. Click Add.
      2. Enter an IP address or IP address range.
    4. Click OK.
  12. By default, the destination is set to Any. Complete the following steps to specify a different destination.
    1. Click on the edit button in the destination column and click Edit Rule Destination.
    2. To specify container objects, click Container Objects.
      1. Select an Object Type from the drop-down.
      2. Select objects from Available Objects.
      3. Move the selected objects to the Selected Objects column.
    3. To specify IP addresses, click IP Addresses.
      1. Click Add.
      2. Enter an IP address or IP address range.
    4. Click OK.
  13. By default, Any service is redirected to the firewall. Complete the following steps to specify certain services and protocols.
    1. Click on the edit button in the destination column and click Edit Rule Service.
    2. To specify container objects, click Service/Service Groups.
      1. Select any Available Objects.
      2. Move the selected objects to the Selected Objects column.
    3. To specify IP Addresses, click Raw Port-Protocols.
      1. Click Add.
      2. Select a Type of Service from the drop-down.
      3. Select a Protocol from the drop-down.
      4. Depending on the type of service and protocol you choose, additional information might be required. Complete any additional fields.
      5. Click OK.
    4. Click OK.
  14. Click the Applied To field and select the router to which the VM-Series firewall is attached from the drop-down.
  15. Select Redirect from the Action drop-down to send traffic to your VM-Series firewall.
  16. Enable the rule.
  17. Click Publish. NSX-T Manager publishes the redirection rule you just created and automatically creates a reflexive rule for return traffic. The reflexive rule does not appear in the NSX-T Manager web interface.
    If return traffic is not directed to the VM-Series firewall, manually configure a traffic redirection rule for return traffic.
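
Because North-South redirection rules are stateless, a manually configured return-traffic rule has to match reply packets on its own. The following added example (not part of the original page, and a simplified model rather than NSX-T's rule engine or API) shows why a forward rule alone misses the reply and what the mirrored rule looks like; the names RedirectRule, return_rule and redirected_by and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class RedirectRule:
    """Simplified stateless redirect rule (hypothetical model, not an NSX-T object)."""
    name: str
    source: str                     # CIDR; "0.0.0.0/0" stands for Any
    destination: str                # CIDR; "0.0.0.0/0" stands for Any
    protocol: str                   # "tcp" or "udp"
    dst_port: Optional[int] = None  # None stands for Any
    src_port: Optional[int] = None  # None stands for Any

    def matches(self, pkt: dict) -> bool:
        # Stateless: only this packet's header fields are examined, no session table.
        return (ip_address(pkt["src"]) in ip_network(self.source)
                and ip_address(pkt["dst"]) in ip_network(self.destination)
                and pkt["proto"] == self.protocol
                and self.src_port in (None, pkt["sport"])
                and self.dst_port in (None, pkt["dport"]))


def return_rule(rule: RedirectRule) -> RedirectRule:
    """Mirror a forward rule: swap source/destination and the two port roles."""
    return RedirectRule(rule.name + "-return", rule.destination, rule.source,
                        rule.protocol, dst_port=rule.src_port, src_port=rule.dst_port)


def redirected_by(pkt: dict, rules: list) -> Optional[str]:
    """Name of the first matching rule, or None if the packet bypasses the firewall."""
    return next((r.name for r in rules if r.matches(pkt)), None)


# Constructed sample: inbound HTTPS to a server subnet, and the server's reply.
FORWARD = RedirectRule("web-in", "0.0.0.0/0", "10.10.20.0/24", "tcp", dst_port=443)
REQUEST = {"src": "198.51.100.7", "dst": "10.10.20.15", "proto": "tcp",
           "sport": 51514, "dport": 443}
REPLY = {"src": "10.10.20.15", "dst": "198.51.100.7", "proto": "tcp",
         "sport": 443, "dport": 51514}

if __name__ == "__main__":
    print(redirected_by(REQUEST, [FORWARD]))                      # forward rule matches
    print(redirected_by(REPLY, [FORWARD]))                        # reply is missed
    print(redirected_by(REPLY, [FORWARD, return_rule(FORWARD)]))  # mirrored rule matches
```

When a forward rule restricts the service, the mirrored rule carries that port as its source port, which is the detail most easily missed when entering a return rule by hand.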
