Use NSX IPFIX and Port Mirroring functionality to monitor and troubleshoot SDDC networking and security.

By default, SDDC ESXi hosts have access to the overlay network, allowing them to communicate with monitoring and troubleshooting applications deployed as VM workloads in your SDDC. However, you must configure the firewall to allow traffic between the ESXi hosts and the logical segment the workload VMs are attached to. See Creating Firewall Rules to Manage Traffic Between the Compute and Management Networks.

To troubleshoot and monitor SDDC networking and security, you can also use Live Traffic Analysis and Traceflow. For more information, see Live Traffic Analysis and Traceflow in the NSX Administration guide.