VMware NSX

  • 1.  About distributed logical router ACL

    Posted Apr 12, 2018 08:40 AM

    Is it correct that the ACL of the distributed logical router is not adapted to communication passing through the distributed logical router?

    Is what is written on this site correct?

    https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-178B11B8-FEB1-49B8-B6FF-D069C41EEB32.html

    Firewall rules applied to a Logical Router only protect control plane traffic to and from the Logical Router control virtual machine. They do not enforce any data plane protection.



  • 2.  RE: About distributed logical router ACL
    Best Answer

    Broadcom Employee
    Posted Apr 12, 2018 09:14 AM

    That is correct; the DLR firewall rule is limited to control/management plane traffic, it is not for data plane traffic. For any peering device (ideally edges) to communicate (for establishing adjacency) with the DLR, we need a firewall rule. Also, if we are in need of SSH access to the DLR control VM, we can write a rule and publish it. For E-W and N-S firewall rule creation, DFW and Edge firewall rules are the right candidates.



  • 3.  RE: About distributed logical router ACL

    Posted Apr 12, 2018 09:40 AM

    Thank you!