Direct Traffic to the VM-Series Firewall
Complete the following procedure to direct traffic to your VM-Series firewall. For North-South traffic, redirection rules are stateless by default and cannot be changed. Additionally, NSX-T automatically creates a corresponding reflexive rule for return traffic. The reflexive rule does not appear in the NSX-T web interface.
- Log in to NSX-T Manager.
- Select Advanced Networking & Security > Partner Services > Service Instances.
- Select your service instance and click Traffic Redirection.
- Click the first default redirection rule.
- Click Add Section and select Add Section Above from the drop-down.
- Enter a descriptive Section Name.
- Click OK.
- Select your newly created section.
- Click Add Rule.
  If your NSX-T environment has Edge Nodes in active-standby HA, you must create a redirect rule for each Edge Node. NSX-T does not automatically apply a redirect rule to the standby node in the event of a failover.
- Click on the Name field and enter a descriptive name for the rule.
- By default, the source is set to Any. Complete the following steps to specify a different source.
  - Click on the edit button in the source column and click Edit Rule Source/Extended Source.
  - To specify container objects, click Container Objects.
  - Select an Object Type from the drop-down.
  - Select an object from Available Objects.
  - Move the selected objects to the Selected Objects column.
  - To specify IP Addresses, click IP Addresses.
  - Click Add.
  - Enter an IP address or IP address range.
  - Click OK.
- By default, the destination is set to Any. Complete the following steps to specify a different destination.
  - Click on the edit button in the destination column and click Edit Rule Destination.
  - To specify container objects, click Container Objects.
  - Select an Object Type from the drop-down.
  - Select an object from Available Objects.
  - Move the selected objects to the Selected Objects column.
  - To specify IP Addresses, click IP Addresses.
  - Click Add.
  - Enter an IP address or IP address range.
  - Click OK.
- By default, Any service is redirected to the firewall. Complete the following steps to specify certain services and protocols.
  - Click on the edit button in the destination column and click Edit Rule Service.
  - To specify container objects, click Service/Service Groups.
  - Select any Available Objects.
  - Move the selected objects to the Selected Objects column.
  - To specify IP Addresses, click Raw Port-Protocols.
  - Click Add.
  - Select a Type of Service from the drop-down.
  - Select a Protocol from the drop-down.
  - Depending on the type of service and protocol you choose, there might be additional information required. Complete any additional fields.
  - Click OK.
  - Click OK.
- Click the Applied To field and select the router to which the VM-Series firewall is attached from the drop-down.
- Select Redirect from the Action drop-down to send traffic to your VM-Series firewall.
- Enable the rule.
- Click Publish. NSX-T Manager publishes the redirection rule you just created and automatically creates a reflexive rule for return traffic. The reflexive rule does not appear in the NSX-T Manager web interface.
  If return traffic is not directed to the VM-Series firewall, manually configure a traffic redirection rule for return traffic.
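
The active-standby requirement in the Add Rule step can be checked offline against a rule inventory, so that a failover does not leave traffic uninspected. The following is an added example, not Palo Alto Networks or VMware code; the record fields, node names and addresses are constructed assumptions and do not reflect the NSX-T API schema.

```python
from collections import defaultdict


def rule(name, node, dst, svc, enabled=True):
    """Build one record; field names are hypothetical, not an NSX-T schema."""
    return {"name": name, "applied_to": node, "action": "REDIRECT",
            "enabled": enabled, "source": ["ANY"], "destination": [dst],
            "services": [svc]}


# Constructed sample inventory for one active-standby pair of Edge Nodes.
RULES = [
    rule("web-edge01", "edge-01", "10.1.20.0/24", "TCP/443"),
    rule("web-edge02", "edge-02", "10.1.20.0/24", "TCP/443"),
    rule("db-edge01", "edge-01", "10.1.30.10", "TCP/1433"),
    rule("ssh-edge01", "edge-01", "10.1.40.0/24", "TCP/22"),
    rule("ssh-edge02", "edge-02", "10.1.40.0/24", "TCP/22", enabled=False),
]
HA_PAIRS = [("edge-01", "edge-02")]


def match_key(r):
    """Traffic a rule selects, independent of its name or attachment point."""
    return (frozenset(r["source"]), frozenset(r["destination"]),
            frozenset(r["services"]))


def active_redirects(rules):
    """Map each node to {match_key: rule name} for enabled Redirect rules."""
    by_node = defaultdict(dict)
    for r in rules:
        if r["action"] == "REDIRECT" and r["enabled"]:
            by_node[r["applied_to"]][match_key(r)] = r["name"]
    return by_node


def ha_gaps(rules, ha_pairs):
    """Return sorted (rule name, node lacking an equivalent enabled rule)."""
    by_node = active_redirects(rules)
    gaps = []
    for a, b in ha_pairs:
        for node, peer in ((a, b), (b, a)):
            for key, name in by_node[node].items():
                if key not in by_node[peer]:
                    gaps.append((name, peer))
    return sorted(gaps)


if __name__ == "__main__":
    for name, node in ha_gaps(RULES, HA_PAIRS):
        print(f"{name}: no enabled redirect rule with the same match on {node}")
```

A disabled rule on the peer counts as a gap, because only enabled rules redirect traffic after the standby node takes over.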