The use of the NSX-T Data Center gateway firewall requires additional evaluation. This guidance does not cover the use of the gateway firewall to protect components deployed on overlay port groups. You can use the NSX-T Data Center gateway firewall to protect vRealize Automation and vRealize Operations Manager. Such configurations must be additionally evaluated based on your architecture. Similarly, the edge configurations must be evaluated if you deploy an NSX-T Edge cluster.

Caution:

The following configurations are not officially tested with VMware Cloud Foundation. These configurations are included as optional and site-specific only.

| Product | Configuration | Context for Evaluating the Configuration |
|---|---|---|
| NSX-T Data Center (Gateway Firewall configurations) | Multiple configurations for the NSX-T Data Center gateway firewall. VI-NET-CFG-01428, VI-NET-CFG-01429, VI-NET-CFG-01431, VI-NET-CFG-01432, VI-NET-CFG-01453, VI-NET-CFG-01456, VI-NET-CFG-01464, VI-NET-CFG-01493, VI-NET-CFG-01494, VI-NET-CFG-01495, VI-NET-CFG-01496, VI-NET-CFG-01513, VI-NET-CFG-01514, VI-NET-CFG-01515 | The gateway firewall protects components deployed on overlay port groups such as vRealize Automation or vRealize Operations Manager. The scope of the compliance kit includes ESXi, vCenter Server, vSAN, NSX Manager, and SDDC Manager, which are not deployed on overlay port groups. If you use vRealize Suite products, you must reevaluate this configuration. |
| NSX-T Data Center (Edge configurations) | VMW-NSXT-01430, VMW-NSXT-01435, VMW-NSXT-01437, VMW-NSXT-01438, VMW-NSXT-01441, VMW-NSXT-01449, VMW-NSXT-01450, VMW-NSXT-01455, VMW-NSXT-01459, VMW-NSXT-01460, VMW-NSXT-01469, VMW-NSXT-01470, VMW-NSXT-01503, VMW-NSXT-01504, VMW-NSXT-01505, VMW-NSXT-01506, VMW-NSXT-01507, VMW-NSXT-01510, VMW-NSXT-01511, VMW-NSXT-01512 | Application Virtual Networks (AVNs), which include the NSX Edge Cluster and NSX network segments, are no longer deployed and configured during bring-up. Instead, they are implemented as a Day-N operation in SDDC Manager, providing greater flexibility. These configurations should be reevaluated if you plan to deploy NSX-T edges in your environment. |