NSX-T - How to Add Firewall Rules in Distributed Firewall (DFW) in NSX-T?
By Pranay Jha | Jun 20, 2020

In this article, we are going to configure firewall rules for a 3-tier application in an NSX-T environment. We have used three virtual machines as DB, Web, and App and configured firewall rules accordingly.

Credit: VMware HOL Lab. I have used the VMware HOL lab for the NSX-T infrastructure.

Steps to Configure Firewall Policy in DFW

Log in to the NSX-T console and click on the Security tab. Go to Distributed Firewall under East West Security.

Go to Category Specific Rules and Click on Add Policy. You can see the existing policies for 3 tier application. Here we are going to create a new one.

Click on Add Policy and give it a name. I used the name "vi_3 tier app".

Now you need to create rules under the policy. Click on Add Rules.

I have added 3 different rules for App, DB, and Web.

Now you need to select Source and Destination. Here, you need to add a group for each set of virtual machines: for example, add all app servers to the App group, DB servers to the DB group, and web servers to the Web group.

To create a group of member virtual machines, click on "Any" in Source, and click on the pencil icon.

Click on Add Group.

I created a group named pj_app_grp. Click on Set Members.

Under the Members tab, select Virtual Machine in the Category option. I have selected the PJ_app01 virtual machine for vi_app_grp.

Click on Save.

Perform the same steps to create groups for Web and App. I have created three groups here and added virtual machines to each group according to role: Web, App, and DB.

Now add the groups to Source and Destination. Remember that in a three-tier application, the rules below are required.

  • Users communicate with the Web Server
  • The Web Server communicates with the App Server
  • The App Server communicates with the DB Server

I have configured source and destination.

Configure services for each rule.

Select service which you want to configure.

Here I have configured all services.

All rules have been created under "vi_3 tier app" policy.
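
The three rules from the steps above, modelled as an added example (not from the original article or from VMware): the policy is built in the JSON shape of the NSX-T Policy API, and a small matcher checks which tier-to-tier flows the rules cover. The Web and DB group ids and the App and DB service paths are assumed placeholders, since the article does not name them.

```python
import json

# Assumed names: the article names only the App group (pj_app_grp / vi_app_grp);
# the Web and DB group ids and the App/DB service ids below are placeholders.
GROUPS = "/infra/domains/default/groups/"
WEB, APP, DB = GROUPS + "vi_web_grp", GROUPS + "vi_app_grp", GROUPS + "vi_db_grp"
SERVICES = "/infra/services/"
SVC_WEB = SERVICES + "HTTPS"                  # assumed choice for the web tier
SVC_APP = SERVICES + "APP_SVC_PLACEHOLDER"    # placeholder
SVC_DB = SERVICES + "DB_SVC_PLACEHOLDER"      # placeholder


def rule(name, seq, src, dst, svc):
    """One DFW rule in the shape the NSX-T Policy API uses for a Rule object."""
    return {"resource_type": "Rule", "display_name": name, "sequence_number": seq,
            "source_groups": [src], "destination_groups": [dst],
            "services": [svc], "action": "ALLOW"}


def build_policy():
    """The three flows listed in the article, as one Application-category policy."""
    return {"resource_type": "SecurityPolicy", "display_name": "vi_3 tier app",
            "category": "Application",
            "rules": [rule("users-to-web", 10, "ANY", WEB, SVC_WEB),
                      rule("web-to-app", 20, WEB, APP, SVC_APP),
                      rule("app-to-db", 30, APP, DB, SVC_DB)]}


def matching_rule(policy, src, dst, svc):
    """Return the name of the first rule that matches the flow, or None.

    src and dst are the group path the endpoint belongs to (None for an
    endpoint outside every tier group); "ANY" in a rule field matches all.
    """
    def hit(field, value):
        return "ANY" in field or value in field
    for r in sorted(policy["rules"], key=lambda r: r["sequence_number"]):
        if (hit(r["source_groups"], src) and hit(r["destination_groups"], dst)
                and hit(r["services"], svc)):
            return r["display_name"]
    return None


if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))
    for flow in [(None, WEB, SVC_WEB), (WEB, APP, SVC_APP), (APP, DB, SVC_DB),
                 (WEB, DB, SVC_DB), (APP, WEB, SVC_WEB)]:
        print(flow, "->", matching_rule(policy, *flow))
```

A flow that returns None is not covered by this policy and is decided by whichever rule follows it in the DFW rule table. With "Any" as the source of the first rule, the App and DB tiers also match it when they connect to the Web group.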
