Demystifying Security Terminologies: Zero Trust, Micro Segmentation, and vDefend

A candid conversation about the security terms currently generating buzz in the security industry.

CuriousTechie: Hello IT Guy, I am just starting my journey in the IT security industry. I am confused about a few terminologies like Zero Trust, Micro Segmentation, vDefend, DFW, etc. Can you please help me to wrap my head around these to build a better understanding?

ITGuy: Sure, I can help you with that. Let’s follow a top-down approach to build the understanding.

CuriousTechie: Okay, what is actually the top layer of this security product?

ITGuy: All of these terms are NOT part of a single security product!!

Let’s start with Zero Trust. Zero Trust is NOT a security product! It is a concept with various definitions, and it is subject to interpretation. Let’s talk about the definition below!

“Zero Trust is a security model that ensures data and resources are inaccessible by default. Users can only access them on a limited basis under the right circumstances, known as least-privilege access.”


Quick Steps: Viewing DFW Rule Creation/Modification Time – Browser API Calls

A short conversation on how to run API calls in the browser to check when a DFW rule was created or modified!

CuriousTechie: Hello IT Guy, I need to check the time of creation and modification of a Distributed Firewall rule. Is there a quick way to check these details in the browser itself?

ITGuy: Yes, it is doable, but it depends on the browser. What browser do you use?

CuriousTechie: Currently I am using Mozilla Firefox for this environment. Will it be possible to get this data out of the box without any extensions or plugins?

ITGuy: Yes, sure. Let’s log in to your NSX Manager UI and I will show you how to get this information.

CuriousTechie: Here is my NSX manager Policy UI and I need to find the time of creation/modification details of rule number 2024.


NSX Intelligence: Checking Applied Rules on a VM

A short conversation on how to check the applied Distributed Firewall Rules on a VM by using NSX Intelligence!!

CuriousTechie: Hello IT Guy, during our last conversation here we discussed three ways to check applied DFW rules, but you did mention there is another way to check the rules. Can we talk about that?

ITGuy: Sure! You can leverage Security Intelligence, aka NSX Intelligence, to validate the rules applied on a VM.

CuriousTechie: I have been using Security Intelligence to get flow information and recommendations but have never seen how to check applied rules using it. Can you show me?

ITGuy: Sure!

  1. Go to Plan & Troubleshoot
  2. Go to Discover & Take Action
  3. On the top bar, select Computer -> Search and select the VM for which you want to check the applied rules.
  4. Right click the VM -> Go to Related Firewall Rules
  5. You will see all the rules applied on that particular VM

3 Ways to Verify Applied Distributed Firewall Rules on a VNIC

A short conversation on how to check the applied Distributed Firewall Rules on a vnic!!

CuriousTechie: Hello IT Guy, I am working on a project to implement DFW rules in an environment and often need to check exactly what firewall rules are applied on a vNIC. Is there a way to do that?

ITGuy: Sure! We can talk about three different ways to do that, and we can talk about the pros and cons of each.

CuriousTechie: Okay cool!

ITGuy:

  • From NSX UI
  • From ESXi Host shell
  • From ARIA Operations for Networks aka vRNI

NSX API: Quick Troubleshooting Trick

A conversation about using browser developer tools to validate NSX APIs for quick troubleshooting in some cases.

CuriousTechie: Hello IT Guy, I am planning to upgrade my NSX, but I see a problem with the upgrade status in the UI and am not sure where to start the troubleshooting process.

ITGuy: Okay, sure! Let’s take a look at the problem; then we can get some clues to move ahead.

CuriousTechie: My upgrade screen is stuck like this.


VMC: Understand GFW on Customer Managed CGW (Tier-1 Gateway)

A conversation about how Gateway Firewall works on a Customer Managed Compute Gateway (CGW), i.e. a custom Tier-1 Gateway implemented on VMware Cloud on AWS.

CuriousTechie: Hello IT Guy, I am exploring the functionality of Customer Managed CGW in VMConAWS and I am confused about the Gateway Firewall implementation. Can we discuss how it is implemented?

ITGuy: Sure! Did you get a chance to read this blog post here? It provides a good description of the feature and its functionality. At a high level, the topology looks like this.

CuriousTechie: Yes, I have read this post, but the implementation of Gateway Firewall is still not clear to me. For example, when I try to configure rules on CGW, I get the option in the Applied To field to select the uplink where I want to apply the rule as shown below.


NSX-ALB GSLB Public or Private IP??

A conversation about how to configure the GSLB service to provide the appropriate Public or Private IP according to the incoming DNS request.

CuriousTechie: Hello IT Guy, I am in the planning phase for a GSLB implementation and have some doubts around the DNS services. Can you help me with it?

ITGuy: Sure! I recently had a conversation around GSLB which you can find here.

CuriousTechie: Yes! I have a fair understanding of GSLB, but I am looking for some specifics around how the GSLB DNS service determines which IP (Public or Private) it provides in the DNS response for Internal and External users. Can you help me to get some clarity and show the actual configuration?


Broke my LAB with Distributed Firewall !!!

Recently I had an interesting conversation about implementing micro-segmentation using NSX Distributed Firewall and the things to be careful about during implementation.

CuriousTechie: Hey, I was implementing micro-segmentation in my lab using DFW and I broke the lab. Can you check if it can be fixed or if I have to rebuild from scratch again!!

ITGuy: Let’s take a look at the problem and see if we can recover from it. What did you do?

CuriousTechie: I was testing micro-segmentation and changed the default rule to reject all traffic.

ITGuy: Let me guess..! You forgot it’s a collapsed cluster and you accidentally locked away your NSX Manager and vCenter?


NSX ALB – A conversation about GSLB Basics

CuriousTechie: Hey, I am learning to set up Global Server Load Balancing on AVI. I do not have much experience with GSLB, especially with AVI or NSX ALB. Can you help me understand the basic concept of GSLB with NSX ALB?

ITGuy: Sure! Are you good with how GSLB works irrespective of the Load Balancer?

CuriousTechie: I know some basics, but a whiteboard refresher will be helpful.

ITGuy: Sure! Let’s see what happens when you type a URL in your favourite web browser. You input a URL, let’s say “curioustechies.in”, and DNS does its magic and runs multiple DNS queries to find you the IP of the website/server that you are looking for. I believe you have a fair understanding of how DNS works, so I will not go very deep into it. OK?
