Dmitri Kalintsev’s “Applied To:” Distributed Firewall Rule

Dmitri Kalintsev recently posted the blog article, Distributed Firewall (DFW) in NSX for vSphere, and “Applied To:”. His article describes why the “Applied To:” option is so important when establishing Firewall Rules in NSX. Dmitri states, “DFW always translates those objects into address sets, populated with IP addresses of those objects. So in the end the allow/deny decisions are made against IP addresses. This means that if a given IP address is used by more than one VM (think a multi-tenant environment, for example), there’s a clear risk of unintended firewall action.” The wonderfully written article illustrates the importance of using “Applied To:” as a remedy to this potential problem.
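The overlap problem described above can be shown with a simplified model. This is an added example, not code from Dmitri's article or from NSX; the VM names, IP addresses, first-match evaluation and default "block" action are all assumptions made for illustration.

```python
# Toy model (constructed data): two tenants reuse the same IP addresses.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VM:
    name: str
    tenant: str
    ip: str

INVENTORY = [
    VM("web-a", "tenant-a", "10.0.0.10"),
    VM("db-a", "tenant-a", "10.0.0.20"),
    VM("web-b", "tenant-b", "10.0.0.10"),  # same IP as web-a
    VM("db-b", "tenant-b", "10.0.0.20"),   # same IP as db-a
]
BY_NAME = {vm.name: vm for vm in INVENTORY}

@dataclass(frozen=True)
class Rule:
    name: str
    src: frozenset      # VM names used as the rule's source objects
    dst: frozenset      # VM names used as the rule's destination objects
    action: str
    applied_to: Optional[frozenset] = None  # None = installed on every VM

def address_set(names):
    """Translate objects into the IP address set that matching is done on."""
    return {BY_NAME[n].ip for n in names}

def rules_on_vnic(rules, vm_name):
    """Rules installed on one VM's vNIC, honouring the Applied To scope."""
    return [r for r in rules if r.applied_to is None or vm_name in r.applied_to]

def decide(rules, enforcing_vm, src_vm, dst_vm, default="block"):
    """First-match decision at enforcing_vm's vNIC, made purely on IPs."""
    src_ip, dst_ip = BY_NAME[src_vm].ip, BY_NAME[dst_vm].ip
    for r in rules_on_vnic(rules, enforcing_vm):
        if src_ip in address_set(r.src) and dst_ip in address_set(r.dst):
            return r.action, r.name
    return default, "default"

TENANT_A = frozenset({"web-a", "db-a"})
unscoped = [Rule("a-web-to-db", frozenset({"web-a"}), frozenset({"db-a"}), "allow")]
scoped = [Rule("a-web-to-db", frozenset({"web-a"}), frozenset({"db-a"}), "allow", TENANT_A)]

if __name__ == "__main__":
    for label, rules in (("unscoped", unscoped), ("scoped", scoped)):
        print(label, "tenant-b web->db at db-b:", decide(rules, "db-b", "web-b", "db-b"),
              "| tenant-a web->db at db-a:", decide(rules, "db-a", "web-a", "db-a"))
```

In this model the unscoped tenant-a rule also matches tenant-b traffic at db-b, because only the addresses are compared; with the scope set, db-b never receives the rule and falls through to the default.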
