VMware NSX

  • 1.  About distributed logical router ACL

    Posted Apr 12, 2018 08:40 AM

    Is it correct that the ACL of the distributed logical router is not adapted to communication passing through the distributed logical router?

    Is what is written on this site correct?


    Firewall rules applied to a Logical Router only protect control plane traffic to and from the Logical Router control virtual machine. They do not enforce any data plane protection.

  • 2.  RE: About distributed logical router ACL
    Best Answer

    Broadcom Employee
    Posted Apr 12, 2018 09:14 AM

    That is correct. The DLR firewall rule is limited to control/management plane traffic; it is not for data plane traffic. For any peering device (ideally Edges) to communicate with the DLR (for establishing adjacency), we need a firewall rule. Also, if we are in need of SSH access to the DLR control VM, we can write a rule and publish it. For E-W and N-S firewall rule creation, DFW and Edge firewall rules are the right candidates.

  • 3.  RE: About distributed logical router ACL

    Posted Apr 12, 2018 09:40 AM