Introduction
VMware NSX has two types of firewall, namely the NSX Edge Firewall and the NSX Distributed Firewall(DFW). The Edge Firewall is optimized for north-south (client to server) traffic whereas the DFW is optimized for east-west (server-to-server) traffic:
In this chapter, we will be focusing on the NSX DFW. NSX DFW enables the creation of small segments (microsegments) in virtualized environments through VMware NSX DFW native technology as well as integration (service-chaining) with third-party vendors. The NSX DFW is implemented in the vSphere hypervisor, and rules are enforced on each virtual machine's network adapter or virtual Network Interface Card (vNIC) regardless of how the virtual machine is connected (VLAN or VXLAN) or where it resides.
Note
DFW functionality is independent of the network type whether it is on a VXLAN-backed PortGroup (logical switch) or a VLAN-backed PortGroup. Virtual machines must be connected to the vDS to use NSX services and features. The NSX DFW functionality...