NSX Cloud creates a network topology for your public cloud VPC or VNet by generating logical networking entities in NSX.

Use this list as a reference for what is auto-generated and how you should use NSX features as they apply to the public cloud.

NSX Manager Configurations

See Auto-created NSX Logical Entities in the NSX Installation Guide for details on the logical entities created after a PCG is successfully deployed.
Important: Do not edit or delete any of these auto-created entities.
Note: If you are not able to access some features on Windows workload VMs, ensure that the Windows firewall settings are correctly configured.
Table 1.

NSX Feature: Segments or Logical Switches
Details: See Segments.
NSX Cloud Note: A segment is created for every public cloud subnet to which a managed VM is attached. This is a hybrid segment.

NSX Feature: Gateways or Logical Routers
Details: See Tier-0 Gateways and Tier-1 Gateway.
NSX Cloud Note: When PCG is deployed on a Transit VPC or VNet, a tier-0 logical router is auto-created by NSX Cloud. A tier-1 router is created for each Compute VPC/VNet when it's linked to a Transit VPC/VNet.

NSX Feature: IPFIX
Details: See Configure IPFIX in Manager Mode.
NSX Cloud Note:
  • IPFIX is supported in NSX Cloud only on UDP port 4739.
  • Switch and DFW IPFIX: If the collector is in the same subnet as the Windows VM on which the IPFIX profile has been applied, a static ARP entry for the collector on the Windows VM is needed because Windows silently discards UDP packets when no ARP entry is found.

NSX Feature: Port Mirroring
Details: See Monitor Port Mirroring Sessions in Manager Mode.
NSX Cloud Note: Port Mirroring is supported only in AWS in the current release.
  • For NSX Cloud, configure Port Mirroring from Tools > Port Mirroring Session.
  • Only L3SPAN Port Mirroring is supported.
  • The collector must be in the same VPC as the source workload VM.

NSX Feature: Distributed Firewall (DFW)
Details: See Distributed Firewall.
NSX Cloud Note:
  • Layer 4 - Layer 7 with Application IDs.
  • FQDN Filtering.

NSX Feature: Gateway Firewall (GFW)
Details: See Gateway Firewall.
NSX Cloud Note: Supported on tier-0 gateways.
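
The IPFIX note above requires a static ARP entry on a Windows VM when the collector is in the same subnet, otherwise flow records are silently dropped. The following PowerShell script is an added example, not part of the NSX documentation: it checks whether the collector is on a local subnet and, if so, makes sure a permanent neighbor entry exists. The collector IP and MAC address are constructed sample values, and the helper function names are hypothetical.

```powershell
# Added example: pin a permanent ARP (neighbor) entry for an on-subnet IPFIX collector.
# Run in an elevated PowerShell session on the Windows workload VM.
param(
    [string]$CollectorIp  = '10.0.1.50',         # constructed sample value
    [string]$CollectorMac = '02-00-00-AA-BB-CC'  # constructed sample value
)

function ConvertTo-UInt32 ([string]$Ip) {
    # IPv4 dotted quad -> integer, so subnet masks can be applied
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-SameSubnet ([string]$Local, [int]$PrefixLength, [string]$Remote) {
    # Build the mask in 64-bit arithmetic to avoid signed 32-bit overflow
    $all  = [int64]4294967295
    $mask = ($all -shl (32 - $PrefixLength)) -band $all
    ((ConvertTo-UInt32 $Local) -band $mask) -eq ((ConvertTo-UInt32 $Remote) -band $mask)
}

# Find the local IPv4 address whose subnet contains the collector.
$local = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' -and
                   (Test-SameSubnet $_.IPAddress $_.PrefixLength $CollectorIp) } |
    Select-Object -First 1

if (-not $local) {
    Write-Output "Collector $CollectorIp is not on a local subnet; the same-subnet condition does not apply."
    return
}

$entry = Get-NetNeighbor -InterfaceIndex $local.InterfaceIndex -IPAddress $CollectorIp `
    -ErrorAction SilentlyContinue

if ($entry -and $entry.State -eq 'Permanent') {
    Write-Output "Permanent entry already present: $($entry.LinkLayerAddress)"
} else {
    # Replace any dynamic or stale entry with a permanent one
    if ($entry) { Remove-NetNeighbor -InputObject $entry -Confirm:$false }
    New-NetNeighbor -InterfaceIndex $local.InterfaceIndex -IPAddress $CollectorIp `
        -LinkLayerAddress $CollectorMac -State Permanent | Out-Null
    Write-Output "Added permanent entry for $CollectorIp on ifIndex $($local.InterfaceIndex)"
}
```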