Configure NSX-T exclusion list

From Notes_Wiki
Revision as of 03:20, 12 September 2022 by Saurabh (talk | contribs) (Created page with "Home > VMWare platform > VMWare NSX > Configure NSX-T exclusion list Sometimes it is desired to exclude a few VMs such as NSX controller cluster / NSX manager cluster, vCenter, AD etc. from NSX so that even if we make a mistake in writing an NSX distributed firewall policy, we can at least login into vCenter / NSX manager etc. and revert the changes. To configure a group (list) of VMs that should be excluded from NSX policies use: # Login int...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Home > VMWare platform > VMWare NSX > Configure NSX-T exclusion list

Sometimes it is desired to exclude a few VMs such as NSX controller cluster / NSX manager cluster, vCenter, AD etc. from NSX so that even if we make a mistake in writing an NSX distributed firewall policy, we can at least login into vCenter / NSX manager etc. and revert the changes.

To configure a group (list) of VMs that should be excluded from NSX policies use:

  1. Login into NSX Manager.
  2. Go to Security -> Distribution firewall.
  3. Go to actions -> Exclusion list.
  4. Create required group of objects (VMs) that should be excluded.
  5. (Optionally) Add a test VM to this exclusion group. Try to block access to this test VM via distributed firewall North/South or East/West policies. Validate that NSX is not blocking any communication with this test VM.
    We can remove this test VM from exclusion list and validate that NSX is blocking the connections as per configured policy.

Refer:



Home > VMWare platform > VMWare NSX > Configure NSX-T exclusion list