Gateway Firewall management in NSX



27.02.2023, Cloud / VMware

Objective

The Gateway Firewall filters incoming and outgoing traffic between internal segments and networks outside the cluster.

It applies on the North-South (Tier-0 Gateways) and East-West (Tier-1 Gateways) gateways when the source or destination is not inside the cluster.

If you want to create filtering rules between internal segments, use the distributed firewall instead; see our guide on distributed firewall management.

Learn how to manage gateway firewalls.

OVHcloud provides services for which you are responsible, with regard to their configuration and management. It is therefore your responsibility to ensure that they work properly.

This guide is designed to assist you as much as possible with common tasks. However, we recommend contacting a specialist provider if you experience any difficulties or doubts when it comes to managing, using or setting up a service on a server.

Requirements

Instructions

We will create a policy to improve the visibility and administration of rules based on their usefulness.

Next, we will add a rule to this policy that blocks access to the entire network outside the cluster. The source is a group that contains a segment (you can use our Distributed Firewall Management guide to create groups) and the destination is Any.

Go to the Security tab, select Gateway Firewall and click + ADD POLICY.


Select ovh-T0-gw to the right of Gateway, enter "my policy" as the policy name in the Name column, then click the three vertical dots to the left of your policy.


Click Add Rule in the menu.


Enter "block segment1 to any" as the rule name in the Name column.


Click the pen icon to the right of "Any" in the Source column.


Stay in the Group tab, select the g-segment1 group and click APPLY.


Choose Drop under the Action column and click PUBLISH.


Your rule is now active on the ovh-T0-gw gateway. It blocks all outgoing traffic from members of the g-segment1 group.
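
The policy built in the steps above, expressed as an NSX Policy API request body, together with a check that the drop rule is not shadowed by an earlier rule. This is an added example, not OVHcloud's or VMware's code; the object paths, the sequence numbers and the helper names build_policy and blocks_all_egress are assumptions, and the rule-ordering check goes beyond what this guide covers.

```python
# Added example. Paths are assumptions: an NSX object ID can differ from the
# display name shown in the UI, so read the real paths from your environment.
T0 = "/infra/tier-0s/ovh-T0-gw"
GROUP = "/infra/domains/default/groups/g-segment1"

def build_policy():
    """Body for PATCH /policy/api/v1/infra/domains/default/gateway-policies/<id>."""
    return {
        "resource_type": "GatewayPolicy",
        "display_name": "my policy",
        "category": "LocalGatewayRules",
        "rules": [{
            "resource_type": "Rule",
            "display_name": "block segment1 to any",
            "sequence_number": 10,
            "source_groups": [GROUP],
            "destination_groups": ["ANY"],
            "services": ["ANY"],
            "scope": [T0],
            "action": "DROP",
            "disabled": False,
        }],
    }

def blocks_all_egress(policy, group=GROUP, gateway=T0):
    """True if the group's traffic hits an any/any drop before any allow rule.

    Rules are walked in ascending sequence_number, as the firewall evaluates them.
    Group membership overlap and negated sources are not resolved here.
    """
    for rule in sorted(policy["rules"], key=lambda r: r.get("sequence_number", 0)):
        if rule.get("disabled") or gateway not in rule.get("scope", []):
            continue
        sources = rule.get("source_groups", ["ANY"])
        if "ANY" not in sources and group not in sources:
            continue
        if rule["action"] == "ALLOW":
            return False  # an earlier allow lets some of the group's traffic out
        if (rule["action"] in ("DROP", "REJECT")
                and rule.get("destination_groups") == ["ANY"]
                and rule.get("services") == ["ANY"]):
            return True   # every destination and service is covered
    return False          # only narrower drops, or no matching rule at all

if __name__ == "__main__":
    policy = build_policy()
    print("published rule blocks all egress:", blocks_all_egress(policy))
    # Constructed variant: an allow rule placed above the drop shadows it.
    policy["rules"].append(dict(policy["rules"][0], display_name="allow above drop",
                                action="ALLOW", sequence_number=5))
    print("with earlier allow rule:", blocks_all_egress(policy))
```

Run the check against the policy as returned by the API after publishing, since other rules on the same gateway may sit above the new one.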

Go further

Getting started with NSX

Segment management in NSX

Distributed Firewall management

VMware Gateway Firewall in NSX Documentation

If you need training or technical assistance to implement our solutions, contact your sales representative or click on this link to get a quote and ask our Professional Services experts for a custom analysis of your project.

Join our community of users on https://community.ovh.com/en/.
