Stateful NAT in NSX – Part 2: Stateless Gateway Firewall

Leading up to today’s discussion, we previously reviewed the differences between stateful and stateless firewalls, followed by how stateful NAT services operate in conjunction with a stateful Gateway Firewall. While the expectation when using stateful NAT services in NSX is that the Gateway Firewall is enabled with a stateful policy, we wanted to show…

Stateful NAT in NSX – Part 1: T0/T1 Gateway Firewall

In our previous post, we detailed the differences between stateful and stateless firewalls. In today’s post, we’ll investigate how stateful NSX NAT services function in conjunction with the stateful firewall running on a Tier-0 or Tier-1, which is known as the ‘Gateway Firewall’. Note: As mentioned in prior posts, we won’t be covering the newer…

Stateful vs Stateless Firewalls – A Review

In our previous post, we took a broad look at the NAT services available in NSX; in particular, we noted which NAT services are ‘stateful’ or ‘stateless’ (that is, identifying which NAT services utilize a ‘state’ table). As NAT rules in NSX are functionally firewall rules, we wanted to review how stateful and stateless firewalls…

NSX-T Bridging 101 – Part Eight: Enabling MAC Learning on a Distributed Virtual Port Group

A few years ago we published an entire series on bridging in NSX. In the time since, we’ve had a few questions asked about part three of the series, where we discuss methods for frame delivery. In that post, we briefly touch on the ability for a virtual distributed switch in vSphere 6.7 to utilize…

NAT in NSX – Introduction

When it comes to utilizing Network Address Translation (NAT) in NSX, configuring NAT can seem both overly simple and extremely complex. In this series, we want to provide an overall look at NAT within NSX by narrowing the scope of conversation to relatively specific use cases in order to better inform on how the solution…

NSX-T L3 VPNs: VPNs and the effect of NAT

In this final part of our VPN series, we’ll discuss building a VPN over the Internet. More specifically, we will address the impact of Network Address Translation (NAT) on VPN traffic. Quick Review: In our prior posts, we built Policy Based, Static Route Based, and Dynamic Route Based VPNs. Let’s take a look below at…

NSX-T L3 VPNs: Route Based VPNs – Dynamic Routing

In our previous post, we created a route based VPN utilizing static routes on a Tier-1 (T1) Service Router (SR). Today, we will demonstrate how to utilize route-based VPNs via Dynamic Routing. Dynamic Routing and VPNs: In the introduction to our VPN series, we provided a flowchart identifying where a given type of VPN (either…

NSX-T L3 VPNs: Policy Based VPNs

In our first post, we provided a L3 VPN scenario and discussed Policy and Route Based VPNs. Following this, we provided a breakdown of our lab environment that we will be using. Today, we will demonstrate how to configure a Policy Based VPN using our scenario. Policy L3 IPSec VPN scenario…

NSX-T L3 VPNs: Route Based VPNs – Static Routing

In our previous post, we showed how you can build a policy based VPN utilizing a T1 SR in NSX-T. Today, we will demonstrate how to utilize a route-based VPN via Static Routing. Before we begin… While the lab topology we’ll use today is nearly identical to what was used for our Policy Based VPN…

NSX-T Layer 3 VPNs – Lab Topology

As we’ll be reusing the scenario of securing communications between our blue VM and green server throughout the coming posts, we wanted to provide a breakdown of the lab topology that will be utilized. Our intent is to allow you to reference this material as desired via this post, rather than re-populating it over and…