In this section, we will implement a distributed firewall policy for a three-tier application (Application A) as depicted in the following figure:
There are three approaches to create security policy rules in NSX DFW; they are:
- Network-based policies
- Infrastructure-based policies
- Application-based policies
The network-based policies are similar to traditional firewall constructs where you would use layer 2 (MAC address) or layer 3 (IP address) constructs to create security policy rules. The infrastructure-based policies approach uses vCenter infrastructure objects such as vSphere cluster, VM, dvPortGroup, or other ...