Configure a distributed firewall to improve the security in your environment by allowing only the network traffic that the SDDC needs. You define explicit firewall rules to allow access to the management applications.
Procedure
1. Add the vCenter Server Appliance to the NSX Distributed Firewall Exclusion List in Region A
   To preserve network access between the vCenter Server Appliance and NSX, you exclude the vCenter Server Appliance from all distributed firewall rules.
2. Create IP Sets for the Components of the Management Cluster in Region A
   Create IP sets for all management applications. At a later stage, you use the IP sets to create security groups for the distributed firewall rules.
3. Create Security Groups in Region A
   Create the security groups that you use to configure firewall rules for the groups of applications in the SDDC.
4. Create Distributed Firewall Rules in Region A
   Create firewall rules that allow administrators to connect to the various VMware solutions, allow user access to the vRealize Automation portal, and provide external connectivity to the SDDC.