When you configure east-west network introspection or you want to redirect packets from the uplink of an NSX Edge to the service chain, create a service segment.

Prerequisites

• If you are configuring east-west service chaining to redirect packets from the uplink of an NSX Edge to the service chain, create a Tier-0 and or Tier-1 gateway. The segment is later connected to the Tier-0 and or Tier-1 gateway.

Procedure

1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
2. Click Security > Settings > Network Introspection Settings > Service Segment > Add Service Segment.
3. Click Add Service Segment.
4. In the Name field, enter a name for the segment.
5. In the Transport Zone (Overlay) field, select an overlay transport zone that is associated to the segment.
6. In the Connected To field, do one of the following:
   • Leave the field blank if you are configuring east-west network introspection to protect guest VMs by third-party security vendors.
   • Select a Tier-0 or Tier-1 gateway if you are configuring an east-west service chaining to redirect packets from the uplink of an NSX Edge to the service chain.
7. Click Save.

Results

The Status column displays the status of the service segment.