To control the incoming and outgoing network traffic to and from an NSX-T Edge Gateway, you create firewall rules.

Procedure

  1. Navigate to Networking > Edges.
  2. Click the edge gateway and click Services.
  3. If the Firewall screen is not already visible, click the Firewall tab.
  4. Click Edit Rules.
  5. Select a firewall rule and click the Add Above button.
    A row for the new rule is added above the selected rule.
  6. Configure the firewall rule.
    Option          Description
    Name            Enter a name for the rule.
    State           To enable the rule upon creation, turn on the State toggle.
    Applications    (Optional) To select a specific port profile to which the rule applies, turn on the Applications toggle and click Save.
    Source          Select an option and click Keep.
                    • To allow or deny traffic from any source address, turn on the Any Source toggle.
                    • To allow or deny traffic from specific firewall groups, select the firewall groups from the list.
    Destination     Select an option and click Keep.
                    • To allow or deny traffic to any destination address, turn on the Any Destination toggle.
                    • To allow or deny traffic to specific firewall groups, select the firewall groups from the list.
    Action          From the Action drop-down menu, select an option.
                    • To allow traffic from or to the specified sources, destinations, and services, select Accept.
                    • To block traffic from or to the specified sources, destinations, and services, select Deny.
    IP Protocol     Select whether to apply the rule to IPv4 or IPv6 traffic.
    Direction       Select the traffic direction to which to apply the rule.
    Enable logging  To have the address translation performed by this rule logged, turn on the Enable logging toggle.
  7. Click Save.
  8. To configure additional rules, repeat these steps.

Results

After the firewall rules are created, they appear in the Edge Gateway Firewall Rules list. You can move up, move down, edit, or delete the rules as needed.
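
The position chosen in step 5 decides whether a new rule ever matches traffic. The following Python sketch is an added example, not VMware code or a Cloud Director API schema: it models the options from step 6 as dictionary keys and reports rules that accept everything or that sit below a broader rule. It assumes rules are evaluated from the top of the list down with the first match applied; the rule names, firewall group names, port profile name and direction label are constructed.

```python
ANY = "Any"  # Any Source / Any Destination on, or Applications toggle off
MATCH_FIELDS = ("source", "destination", "applications")

def make_rule(name, action, source=ANY, destination=ANY, applications=ANY,
              state=True, ip_protocol="IPv4", direction="In and Out"):
    # Keys mirror the options in step 6; the direction label is an assumed value.
    return {"name": name, "action": action, "source": source,
            "destination": destination, "applications": applications,
            "state": state, "ip_protocol": ip_protocol, "direction": direction}

def covers(upper, lower, field):
    """True if upper matches every value of field that lower matches."""
    if upper[field] == ANY:
        return True
    return lower[field] != ANY and set(lower[field]) <= set(upper[field])

def audit(rules):
    """Return (rule name, finding) pairs for an ordered list, top rule first."""
    findings = []
    for i, rule in enumerate(rules):
        if not rule["state"]:
            continue  # State toggle off: the rule is not enforced
        if rule["action"] == "Accept" and all(rule[f] == ANY for f in MATCH_FIELDS):
            findings.append((rule["name"], "accepts any source, destination and application"))
        for upper in rules[:i]:
            if (upper["state"]
                    and upper["ip_protocol"] == rule["ip_protocol"]
                    and upper["direction"] == rule["direction"]
                    and all(covers(upper, rule, f) for f in MATCH_FIELDS)):
                findings.append((rule["name"], "shadowed by " + upper["name"]))
                break
    return findings

def add_above(rules, new_rule, selected_name):
    """Mirror step 5: place new_rule in the row above the selected rule."""
    index = next(i for i, r in enumerate(rules) if r["name"] == selected_name)
    return rules[:index] + [new_rule] + rules[index:]

# Constructed sample data; the firewall group and port profile names are made up.
ALLOW_WEB = make_rule("allow-web", "Accept", destination=["web-servers"], applications=["HTTPS"])
ALLOW_ALL = make_rule("allow-all", "Accept")
DENY_DB = make_rule("deny-db", "Deny", destination=["db-servers"])

APPENDED = [ALLOW_WEB, ALLOW_ALL, DENY_DB]                          # deny rule added last
INSERTED = add_above([ALLOW_WEB, ALLOW_ALL], DENY_DB, "allow-all")  # deny rule added above

if __name__ == "__main__":
    for label, rules in (("appended", APPENDED), ("inserted", INSERTED)):
        print(label, audit(rules))
```

In the appended list the Deny rule is reported as shadowed by the any-to-any Accept rule; inserting it above that rule clears the finding, while the any-to-any Accept rule is still flagged in both lists.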