Configuring a distributed firewall for use with your SDDC raises the security level of your environment by allowing only the network traffic that the SDDC needs in order to run. You define explicit distributed firewall rules that allow access to the management applications; all other traffic to them is blocked.

The configuration consists of four steps:

1. Exclude vCenter Server from all of your distributed firewall rules. This ensures that network access between vCenter Server and NSX is never blocked, even by a misconfigured rule.

2. Create IP sets for all management applications in the management clusters. You use these IP sets later to create the security groups that the distributed firewall rules reference.

3. Create security groups from the IP sets, one for each group of applications in the SDDC, for use when configuring the firewall rules.

4. Create the firewall rules. A firewall rule consists of a section, which groups related rules together, and the rule itself, which defines which network traffic is allowed and which is blocked.
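To make the four steps concrete, here is an added example (not VMware's code and not from this page) that models the IP sets, security groups and rule section in Python and checks the invariants the steps imply: vCenter Server appears in no IP set, every rule references a defined security group, and the section ends with a block rule. The application names, addresses and administrator range are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data: documentation addresses, assumed application names.
VCENTER_IP = ipaddress.ip_address("192.0.2.5")
MGMT_APPS = {                      # application -> IP set members (host or CIDR)
    "vrops": ["192.0.2.10", "192.0.2.11"],
    "vrli": ["192.0.2.20", "192.0.2.21"],
}

@dataclass
class Rule:
    name: str
    source: str        # security group name or "any"
    destination: str   # security group name or "any"
    service: str       # e.g. "tcp/443"
    action: str        # "allow" or "block"

@dataclass
class Policy:
    ipsets: dict = field(default_factory=dict)    # ipset name -> [address]
    groups: dict = field(default_factory=dict)    # sg name -> [ipset name]
    section: list = field(default_factory=list)   # ordered rules in one section

def build_policy(apps, admin_net="198.51.100.0/24"):
    """Steps 2-4: one IP set per application, one security group wrapping it,
    then a section of explicit allow rules closed by a block rule."""
    p = Policy()
    p.ipsets["ipset-admins"] = [admin_net]         # assumed admin workstation range
    p.groups["sg-admins"] = ["ipset-admins"]
    for app, addrs in apps.items():
        p.ipsets[f"ipset-{app}"] = addrs
        p.groups[f"sg-{app}"] = [f"ipset-{app}"]
        # Assumed rule: administrators reach each application's UI over HTTPS.
        p.section.append(Rule(f"allow-{app}-https", "sg-admins", f"sg-{app}", "tcp/443", "allow"))
    p.section.append(Rule("block-mgmt-default", "any", "any", "any", "block"))
    return p

def check_policy(p, vcenter_ip=VCENTER_IP):
    """Return a list of violations; an empty list means the policy is consistent
    with the page's steps (step 1 is enforced by keeping vCenter out of every IP set)."""
    problems = []
    for name, addrs in p.ipsets.items():
        if any(vcenter_ip in ipaddress.ip_network(a, strict=False) for a in addrs):
            problems.append(f"{name} contains vCenter Server {vcenter_ip}; exclude it instead")
    for r in p.section:
        for ref in (r.source, r.destination):
            if ref != "any" and ref not in p.groups:
                problems.append(f"rule {r.name} references undefined group {ref}")
    if not p.section or p.section[-1].action != "block":
        problems.append("section does not end with a block rule")
    return problems
```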