A service chain is a logical sequence of service profiles defined by the network administrator.


  1. With admin privileges, log in to NSX Manager.
  2. Verify the NSX Manager is in Policy mode.
  3. Navigate to

    Security > Network Introspection > Service Chains > Add Chain

  4. Enter the service chain name.
  5. In the Service Segments field, select the service segment to which you want to apply the service chain.
    A service segment is a segment of service plane that connects multiple service VMs of an overlay transport zone. Each service VM in the service chain is separate from another service VM and L2 and L3 network segments run by NSX-T Data Center. The service plane controls access to service VMs.
  6. To set the forward path, click the Set Forward Path field and click Add Profile in Sequence.
  7. Add the first profile in the service chain and click Add.
  8. To specify the next service profile, click Add Profile in Sequence and enter details.
    You can also rearrange the profile order by using the Up and Down arrow icons.
  9. Click Save to finish adding a forward path for the service chain.
  10. In the Reverse Path column, select Inverse Forward Path for the service plane to use the service profile you set for the forward path.
  11. To set a new service profile for the reverse path, click Set Reverse Path and add a service profile.
  12. Click Save to finish adding a reverse path for the service chain.
  13. In the Failure Policy field,
    • Select Allow to send traffic to the destination VM when the service VM fails. Service VM failure is detected by the liveness detection mechanism which can be enabled only by partners.
    • Select Block to not send traffic to the destination VM when the service VM fails.
  14. Click Save.


After adding a service chain, the partner Service Manager is notified about the update.

What to do next

Create a redirection rule to introspect east-west network traffic. See Add Redirection Rules for East-West Traffic.