Configure NSX-T exclusion list
From Notes_Wiki
Revision as of 03:20, 12 September 2022 by Saurabh
Sometimes it is desirable to exclude a few VMs, such as the NSX controller cluster / NSX manager cluster, vCenter, AD etc., from NSX so that even if we make a mistake in writing an NSX distributed firewall policy, we can at least log in to vCenter / NSX manager etc. and revert the changes.
To configure a group (list) of VMs that should be excluded from NSX policies use:
- Log in to NSX Manager.
- Go to Security -> Distributed Firewall.
- Go to Actions -> Exclusion List.
- Create the required group of objects (VMs) that should be excluded.
- (Optionally) Add a test VM to this exclusion group. Try to block access to this test VM via distributed firewall North/South or East/West policies. Validate that NSX is not blocking any communication with this test VM.
- We can then remove this test VM from the exclusion list and validate that NSX is blocking the connections as per the configured policy.