VMware NSX

  • 1.  Firewall rules for NSX across 2 vCentres

    Posted May 12, 2016 02:03 PM

    I have 2 vCentres, 1 in each physical site, in linked mode and running NSX (only DFW component) on both of them. In each site, the ESX hosts in the clusters where I installed NSX are behind a firewall so I found this doc to get the required ports:

    VMware NSX 6.2 for vSphere Documentation Center

    I now have the ports open for the NSX Managers/vCentre server/ESX hosts on each site, i.e. rules allow NSX Manager/vCentre/ESX hosts to communicate within site 1 only.

    I have similar firewall rules for site 2.

    My question is, do I need firewall rules to allow the NSX Manager in site 1 to communicate with the vCentre and ESX hosts in site 2, and vice versa?

    Thanks for any help.



  • 2.  RE: Firewall rules for NSX across 2 vCentres
    Best Answer

    Posted May 13, 2016 09:53 PM

    Take a look at the Appendix in the latest version of the hardening guide - they've updated it with some cross-VC stuff. You need the Primary and any Secondary NSX Managers to communicate for universal sync, both Managers to communicate with the Universal Controller Cluster (on site 1) and hosts on site 1 and 2 to be able to communicate with the UCC, but I don't believe you need your site 2 vCenter/Hosts to communicate with the site 1 NSX Manager if I'm reading it correctly.

    NSX-v 6.2.x - Security Hardening Guide (Published version 1.5)



  • 3.  RE: Firewall rules for NSX across 2 vCentres

    Posted May 16, 2016 01:23 PM

    Thanks a lot for the info, that's answered my question.