LAB NSX DFW Configuration

LAB NSX DFW Configuration

NSX DFW Configuration


  • Verify that web-01a is able to reach to web-02a , app-01a and db-01a Subnet for these three servers are
    • Web : 16.10.0/24
    • App: 16.20.0/24
    • DB: 16.30.0/24
  • Create a 3-tier Security Group named DCLessons-Web-Tier-SG and select object type VM , and then select both web-01a, web-02a
  • Create Three Tier Access Rule name DClessons-3tier-rule with source any, destination DCLessons-Web-Tier, and enable Service HTTPS, SSH
  • Create another new Rule, to allow Web Security Group to allow access to App Logical Switch over port 8443.
  • Create Another Rule to allow App-Logical Switch to access DB-logical Switch DB switch over port 80.
  • Test the connectivity



Login to the vSphere Web Client

  1. Test 3-tier VM to VM connectivity using Putty | Click on the PuTTY shortcut on the desktop taskbar
  2. Select web-01a.corp.local
  3. Click on Open

First you will show that web-01a can Ping web-02a by entering :

  1. ping -c 2

Now test connectivity between web-01a to app-01a and db-01a:

  1. ping -c 2
  2. ping -c 2

Create 3-Tier Security Groups

  1. Click Home | Networking & Security | Click on Service Composer.
  2. Select Security Groups. Note: there may be existing security groups to be used in another lab module
  3. To add a new security group click the + ADD icon

  1. Once selecting the + Add then choose Name this first group "DClessons-Web-Tier-SG"
  2. Click the "Select objects to include" section
  3. Pull down the Object Types and select Virtual Machines
  4. You can filter by typing "web" into the search widow
  5. Select web-01a
  6. Click the Right Hand arrow to push the VM to the Selected Objects window
  7. Repeat for web-02a
  8. Click Finish

Create 3-Tier Access Rules

  1. On the left hand menu, select Firewall
  2. In middle of screen select the + ADD SECTION button to add another Firewall
  3. section above the "Flow Monitoring & Trace Flow Rules-Disabled by Default (Rule 1)" row.


    You are will be the first.


Please login here to comment.