In this article, we are going to configure firewall rule for a 3-tier application in NSX-T environment. We have used three Virtual machines as DB, Web, and App and configured firewll rules accordingly.
<Credit: VMware HOL Lab> I have used VMware HOL lab to use NSX-T infrastructure.
Login to NSX-T Console and Click on Security Tab. Go to Distributed Firewall under East West Security.
Go to Category Specific Rules and Click on Add Policy. You can see the existing policies for 3 tier application. Here we are going to create a new one.
Click on Add Policy and give name. I used name as "vi_3 tier app".
Now you need to create rules under Policy. Click on Add Rules.
I have added 3 different rules for App, DB, and Web.
Now you need to select Source and Destination. Here, you need to add Group for set of virtual machines. Such as, add all app servers in App group, DB servers in DB group, and Web Servers in Web Group.
To create group of member virtual machines, Click on "Any" in source, and click on Pencil Icon.
Click on Add Group.
I created a groups named as pj_app_grp. Click on Set Members.
Under Members tab, select Virtual Machine in Category option. I have selected PJ_app01 Virtual machine for vi_app_grp.
Click on Save.
Perform same steps to create group for Web and App. I have created three groups here and added virtual machines to each group according to role such as Web, app, db.
Now adding group to Source and Destination. Here we need to remember that in three tier application, below rules are required.
I have configured source and destination.
Configure services for each rule.
Select service which you want to configure.
Here I have configured all services.
All rules have been created under "vi_3 tier app" policy.