vSphere vNetwork

  • 1.  Traffic Filtering samples

    Posted Nov 25, 2020 12:54 AM

     

    Hi,

    I want to restrict my port group to work like this:

    - Outgoing requests always released
    - Entry requests are restricted to some standard ports, such as:

    - 135, 137, 445, etc. from any source.

    So should I create a drop all rule at the end and above rules releasing all ports that I need to release?

    Thanks.



  • 2.  RE: Traffic Filtering samples

    Broadcom Employee
    Posted Nov 25, 2020 07:03 AM

     
    Is this an NSX question or a vSphere question?

    The firewall management in vSphere relates only to traffic for ESXi and vCenter Server, not VMs and whatever OS/apps/services they run.



  • 3.  RE: Traffic Filtering samples

    Posted Nov 25, 2020 12:09 PM

    Hi,

    I mean the traffic rules of the vCenter distributed switch.

    I will apply restriction filters for communication between networks.

    Each port group has a VLAN, where there are VMs connected to it.

    I want to apply an input filter saying:

    - Access to port 137 TCP released from any source
    - Access to port 445 TCP released from any source
    - UDP port 123 source access only released from domain controllers
    - Drop All

    Is this logic right?

    Thanks.



  • 4.  RE: Traffic Filtering samples

    Posted Nov 25, 2020 07:42 PM

    Hi,

    I created a rule with priority 2 to drop all and I created a rule with priority 1 to release RDP access (3389).

    I can't connect.

    Thanks.
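
An added example, not part of the thread and not VMware code: a small Python model of the ordered rule list from post 3, assuming first-match evaluation in list (priority) order, no connection tracking, and forwarding of traffic that matches no rule. The direction labels, the domain controller range and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
DCS = ip_network("10.0.0.0/29")  # constructed: hypothetical domain controller range

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "drop"
    proto: str = "any"               # "tcp", "udp" or "any"
    dst_port: Optional[int] = None   # None matches any destination port
    src: object = ANY                # source network the rule matches
    direction: str = "to_vm"         # "to_vm", "from_vm" or "both" (labels of this model)

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    src_port: int
    dst_port: int

def evaluate(rules, pkt, default="allow"):
    """Return the action of the first matching rule; nothing is remembered between packets."""
    for r in rules:  # list order is priority order
        if (r.direction in ("both", pkt.direction)
                and r.proto in ("any", pkt.proto)
                and r.dst_port in (None, pkt.dst_port)
                and ip_address(pkt.src) in r.src):
            return r.action
    return default  # assumption: traffic that matches no rule is forwarded

def post3_rules(direction):
    """The rule list from post 3, with every rule applied in the given direction."""
    return [
        Rule("allow", "tcp", 137, ANY, direction),
        Rule("allow", "tcp", 445, ANY, direction),
        Rule("allow", "udp", 123, DCS, direction),
        Rule("drop", direction=direction),   # final drop-all
    ]

# Constructed sample packets (documentation and private addresses).
SMB_IN    = Packet("to_vm",   "tcp", "192.0.2.10", 50000, 445)
SMB_REPLY = Packet("from_vm", "tcp", "10.1.1.5",   445,   50000)
NTP_DC    = Packet("to_vm",   "udp", "10.0.0.2",   123,   123)
NTP_OTHER = Packet("to_vm",   "udp", "192.0.2.10", 123,   123)
WEB_REPLY = Packet("to_vm",   "tcp", "192.0.2.80", 443,   51000)  # answer to a VM-initiated request
```

In this model the final drop-all also matches `SMB_REPLY` when the rules cover both directions, and it matches `WEB_REPLY` even when they cover only traffic toward the VM, because a stateless list cannot tell a reply from a new connection.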