Specifications
VM-Series Deployment Guide 73
Set Up a VM-Series NSX Edition Firewall Deploy the VM-Series NSX Edition Firewall
The last step in the process of deploying the VM-Series NSX Edition firewall is to apply the redirection
policies to the security groups on the NSX Manager.
Steer Traffic from Guests that are not Running VMware Tools
VMware Tools contains a utility that allows the NSX Manager to collect the IP address(es) of each guest running
in the cluster. NSX Manager uses the IP address as a match criterion to steer traffic to the VM-Series firewall.
If you do not have VMware tools installed on each guest, the IP address(es) of the guest is unavailable to the
NSX Manager and traffic cannot be steered to the VM-Series firewall.
The following steps allow you to manually provision guests without VMware Tools so that traffic from each of
these guests can be managed by the VM-Series firewall.
Apply the Security Policies on the NSX Manager
1. Select Networking and Security > Service Composer > Security Policies.
2. Select the security policy and click
Apply Security Policy and select the security groups to which the rules must be
pushed. The rules are applied to each ESXi host included in the selected security groups.
Steer Traffic from Guests that are not Running VMware Tools
Step 1 Create an IP set that includes the guests that need to be secured by the VM-Series firewall. This IP set will be
used as the source or destination object in an NSX distributed firewall rule in Step 4 below.
1. Select
NSX Managers > Manage > Grouping Objects > IP Sets.
2. Click
Add and enter the IP address of each guest that does not have VMware tools installed, and needs to be
secured by the VM-Series firewall. Use commas to separate individual IP addresses; IP ranges or subnets are
not valid.