You can edit the auto-created forwarding policies or add new ones.
Starting in
NSX-T Data Center 3.1.1, you can utilize AWS Transit Gateway for micro-segmentation of your workload VMs in your VPCs after you create the following forwarding policy to route all your networking traffic using the AWS underlay network.
| Option | Value |
|---|---|
| Sources | A Group or a set of groups in NSX Manager containing all NSX-managed VMs from your Transit and Compute VPCs connected using the AWS Transit Gateway. |
| Destinations | All (0.0.0.0/0) |
| Services | Any |
| Action | Route to Underlay |
See more details at Using PCG with AWS Transit Gateway in the NSX-T Data Center Installation Guide.
The following settings are explained through the example use case: forwarding policy for services provided by the public cloud, such as S3 by AWS. Create a policy to allow a set of IP addresses to access this service by being routed through underlay.
Prerequisites
You must have a VPC or VNet with a PCG deployed on it.
Procedure
- Click Add Section. Name the section appropriately, for example, AWS Services.
- Select the check box next to the section and click Add Rule. Name the rule, for example, S3 Rules.
- In the Sources tab, select the VPC or VNet where you have the workload VMs to which you want to provide the service access, for example, the AWS VPC. You can also create a Group here to include multiple VMs matching one or more criteria.
- In the Destinations tab, select the VPC or VNet where the service is hosted, for example, a Group that contains the IP address of the S3 service in AWS.
- In the Services tab, select the service from the drop-down menu. If the service does not exist, you can add it. You can also leave the selection to Any because you can provide the routing details under Destinations.
- In the Action tab, select how you want the routing to work, for example, select Route to Underlay if setting up this policy for the AWS S3 service.
- Click Publish to finish setting up the Forwarding Policy.
