You must create VMware Cloud (VMC) groups and firewall rules to build communication with vRealize Network Insight.
Prerequisites:
- Deploy vRealize Network Insight platform and collector (for on-premises) or get the valid subscription (for cloud service).
- You must have required privileges. See Add a VMware Cloud (VMC) vCenter and Add a VMware Cloud (VMC) NSX Manager.
- Deploy a VMware Cloud (VMC) software-defined data center (SDDC) 1.8 and later with NSX-T networking.
- Configure Firewall Rules for communication between vRealize Network Insight platform and collector.
- For the port requirements of incoming traffic, see VMware Ports and Protocols.
- Ensure you allow the HTTPS port 443 in the firewall to communicate between the Platform and the following domain:
-
*.vmc.vmware.com
-
- If you configure CSP with restricted access as per the VMware Cloud services documentation, you must allow list the platform IP.
Configure Firewall Rules for communication between vRealize Network Insight platform and collector
Configuring firewall rules in
VMware Cloud (VMC) includes:
- Creating a VMware Cloud (VMC) group for vRealize Network Insight collector.
- Log in to VMware Cloud (VMC) at https://vmc.vmware.com.
- On the Networking & Security tab, click .
- On the Groups card, click COMPUTE GROUPS, then click ADD GROUP and give the group a Name and an optional Description.
- Click Set Members to open the Select Members page.
- Provide the vRealize Network Insight collector VM details.
You use this group in the firewall rules that you create later to allow communication between VMware Cloud (VMC) NSX Manager and vRealize Network Insight.
- Create a firewall rule.
- Log in to the VMC Console at https://vmc.vmware.com.
- On the Networking & Security tab, click Gateway Firewall.
- On the Gateway Firewall card, click Compute Gateway, then click ADD RULE and give the new rule a Name.
- Enter the parameters for the new rule.
- Sources: Enter the name of the VMware Cloud (VMC) group containing the vRealize Network Insight collector IP address.
- Destinations: Select Any.
- Services: Select HTTPS, DNS, DNS-UDP, NTP, ICMP.
- Action: Select Allow.
-
Applied To: Select Internet Interface.
-
Logging: Enable logging if required. Else this field is unchanged.
The new rule is enabled by default. Slide the toggle to the left to deactivate it.
- Click Publish.
Configure Firewall Rules for communication between collector and NSX Manager, and collector and vCenter
- Log in to the VMC Console at https://vmc.vmware.com.
- On the Networking & Security tab, click Gateway Firewall.
- On the Gateway Firewall card, click Management Gateway, then click ADD RULE and give the new rule a Name.
- Enter the parameters for the new rule.
- Sources: Enter the name of the VMware Cloud (VMC) group containing the vRealize Network Insight collector IP address.
- Destinations: Select System Defined Groups, search for NSX Manager, and then select the NSX Manager entry.
- Services: Select HTTPS (443).
- Action: Select Allow.
-
Logging: Enable logging if required.
By default, the new rule is enabled. Slide the toggle to deactivate it.
- Click Publish.
- Perform the same steps to configure a rule for the VMware vCenter Server.
Note: Select VMware vCenter for the Destinations field in Step 4.