Configure the default firewall policy and HA parameters.

If you do not configure the firewall policy, the default policy is set to deny all traffic and logs are disabled.

You must configure HA parameters for high availability to work on network configurations on NSX Edge. NSX Edge supports two virtual machines for high availability, both of which are kept up to date with user configurations. If a heartbeat failure occurs on the primary virtual machine, the secondary virtual machine state is changed to active. Thus, one NSX Edge virtual machine is always active on the network.

1. On the Firewall & HA page, select Configure Firewall default policy.

2. Specify whether to accept or deny incoming traffic by default.

3. Select whether to log incoming traffic.

Enabling default logging may generate too many logs and affect the performance of your NSX Edge. Enable default logging only while troubleshooting or debugging.

4. If you selected Enable HA on the Name & Description page, complete the Configure HA parameters section.

NSX Edge replicates the configuration of the primary appliance to the standby appliance and ensures that the two HA NSX Edge virtual machines are not on the same ESX host, even after you use DRS and vMotion. Two virtual machines are deployed on vCenter in the same resource pool and datastore as the appliance you configured. Local link IPs are assigned to the HA virtual machines in the NSX Edge HA so that they can communicate with each other. You can specify management IP addresses to override the local links.

a. Select the internal interface for which to configure HA parameters.

If you select ANY for the interface but no internal interfaces are configured, the UI does not display an error. Two Edge appliances are created, but because no internal interface is configured, the new Edge remains in standby and HA is disabled. Once an internal interface is configured, HA is enabled on the Edge appliance.

b. (Optional) Type the period in seconds within which, if the backup appliance does not receive a heartbeat signal from the primary appliance, the primary appliance is considered inactive and the backup appliance takes over.

The default interval is 15 seconds.

c. (Optional) Type two management IP addresses in CIDR format to override the local link IPs assigned to the HA virtual machines.

Ensure that the management IP addresses do not overlap with the IPs used for any other interface and do not interfere with traffic routing. You should not use an IP that exists somewhere else on your network, even if that network is not directly attached to the NSX Edge.

5. Click Next.

The Summary page appears.
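
The HA parameters in step 4 can be checked before they are typed into the wizard. The following pre-check is an added example, not VMware code: the function name, the interface names and the sample networks are constructed, and the requirement that both management IPs share one subnet is an assumption the page does not state.

```python
import ipaddress

DEFAULT_DEAD_TIME = 15  # seconds; the default interval given on this page


def check_ha_plan(mgmt_cidrs, used_networks, internal_ifaces,
                  ha_iface="ANY", dead_time=DEFAULT_DEAD_TIME):
    """Return a list of problems in a planned NSX Edge HA configuration."""
    problems = []
    # Step 4a: with ANY and no internal interface the UI shows no error,
    # but the new Edge remains in standby and HA is disabled.
    if ha_iface == "ANY" and not internal_ifaces:
        problems.append("no internal interface: HA stays disabled")
    elif ha_iface != "ANY" and ha_iface not in internal_ifaces:
        problems.append(f"{ha_iface} is not a configured internal interface")
    # Step 4b: the period is typed in seconds.
    if not isinstance(dead_time, int) or dead_time <= 0:
        problems.append("heartbeat period must be a positive number of seconds")
    # Step 4c is optional; when used it takes exactly two CIDR addresses.
    if not mgmt_cidrs:
        return problems
    if len(mgmt_cidrs) != 2 or any("/" not in c for c in mgmt_cidrs):
        return problems + ["need exactly two management IPs in CIDR format"]
    try:
        a, b = (ipaddress.ip_interface(c) for c in mgmt_cidrs)
    except ValueError as exc:
        return problems + [f"invalid management IP: {exc}"]
    if a.ip == b.ip:
        problems.append("the two management IPs are identical")
    if a.network != b.network:  # assumption: HA peers share one subnet
        problems.append("management IPs are in different subnets")
    # The addresses must not overlap any other interface or network in use,
    # even one that is not directly attached to the Edge.
    for name, cidr in used_networks.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if any(i.network.overlaps(net) for i in (a, b)):
            problems.append(f"management subnet overlaps {name} ({cidr})")
    return problems


# Constructed sample inventory and plans (not from the page).
USED = {"uplink": "192.0.2.0/24", "web-tier": "10.10.1.0/24",
        "remote-dc": "10.20.0.0/16"}
GOOD = check_ha_plan(["172.31.255.1/30", "172.31.255.2/30"], USED, ["vnic1"])
BAD = check_ha_plan(["10.20.5.1/30", "10.20.5.1/30"], USED, [])

if __name__ == "__main__":
    print("good plan:", GOOD or "no problems")
    for p in BAD:
        print("bad plan:", p)
```

The `remote-dc` entry models the case the page warns about: a range in use elsewhere on the network that is not attached to the Edge.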