NSX – Create/configure Identity-based firewall (IDFW) for specific users/groups

This post will focus on creating firewall rules that utilise Active Directory groups. I’ve already covered how you integrate NSX with AD here, so let’s get straight into creating a Security Group:

1. Select the NSX Manager, then click Manage, followed by Grouping Objects.

2. Click on Security Groups.

3. Click the green + sign to Add a Security Group. What I am going to do is create a dynamic group membership based on the AD Group by selecting Entity, Belongs to and then clicking the “Select Entity” button:

Once you get to the next screen, change “Type” to Directory Group, which will list all of your AD groups. Find the group, select it and click OK.

4. Click Next, Next, then Finish to complete creating the Security Group.

5. We now need to create a firewall rule (as we normally would) but use this Security Group as either the source or the destination. Click on the Firewall option and create the rule as you normally would.
