With time windows, security administrators can restrict traffic from a source or to a destination, for a specific time period.
Time windows apply to a firewall policy section and all the rules in it. Each firewall policy section can have one time window. The same time window can be applied to more than one policy section. If you want the same rule applied on different days or different times for different sites, you must create more than one policy section. Time-based rules are available for distributed and gateway firewalls.
Network Time Protocol (NTP) service must be running on each transport node when using time-based rule publishing. See Configuring Appliances.
If a time-zone is changed on the edge transport node after the node is deployed, reload the edge node or restart the data plane for time-based gateway firewall policy to take effect.
Create a firewall policy.
- Click the clock icon on the firewall policy you want to have a time window.
A time window appears.
- Click Add New Time Window and enter a name.
- Select a time zone: UTC (Coordinated Universal Time), or the local time of the transport node. Distributed firewall only supports UTC with NTP service enabled, a change of time zone configuration is not supported on ESXi hosts.
- Select the frequency of the time window - Weekly or One time.
- Select the days of the week that the time window takes effect.
NSX-T Data Center supports configuring weekly UTC time-windows for the local time-zone, when the entire time-window for the local time-zone is within the same day as the UTC time-zone. For example, you cannot configure a time window in UTC for a 7am-7pm PDT, which maps to UTC 2pm-2am of the next day.
- Select the beginning and ending dates for the time window, and the times the window will be in effect.
- Click Save.
- Click the check box next to the policy section you want to have a time window. Then click the clock icon.
- Select the time window you want to apply, and click Apply.
- Click Publish. The clock icon for the section turns green.
For the first publication of a time-based rule, the time is taken, and rule enforcement begins at less than 2 minutes. After the rules are deployed, enforcement as per time window, is instantaneous.