Configuring an Edge Firewall
In addition to the NSX Distributed Firewall, NSX also provides firewall functionality on the NSX ESG. The Edge can perform layer 2 to layer 4 firewalling, and is intended to complement the Distributed Firewall to restrict north/south flows from a logical networking segment.
In this recipe, we will configure a single firewall rule on the NSX ESG to allow SSH access from a virtual machine. The following diagram depicts the topology for this recipe and the ESG where the firewall rule will be configured:
Getting ready
To configure the ESG for firewall rules, the following prerequisites must be met:
- User with NSX Enterprise Administrator or NSX Administrator role
- Newly-deployed NSX edge to configure the firewall on; we will use a pre-created edge named Chapter5 for this recipe
- ESXi cluster where the NSX edge will be deployed to; it must be prepared for NSX
- Target ESXi hosts must have sufficient capacity to run the ESG virtual machine
How to do it...
The following steps...