HOWTO: Exclude Virtual Machines from Firewall Protection
VMware NSX-V VCAP6-NV VCIX6-NV DFW HOWTO
Published on 29 July 2017 by Christopher Lewis. Words: 182. Reading Time: 1 mins.
In this post, we’ll look at the final step of deploying the VMware NSX infrastructure, excluding VMs from the firewall protection. The default rule if DENY ALL which is due to security by design reasons but can cause all sorts of problems!
VMware recommends that the following machines are excluded:
- vCenter Server (including Platform Services Controllers)
- Partner service virtual machines.
- Virtual machines that require promiscuous mode.
- The SQL server that your Windows-based vCenter uses.
- vCenter Web server, if you are running it separately.
Adding Virtual Machines to the Exclusion List
Note: These steps assume you are not even logged into vCenter Server. Skip the first few steps if you are!
Using your favourite web browser, navigate to the vCenter Server login page (
Enter appropriate User name and Password and click Login.
Click Network and Security.
Click Installation tab and click Management.
Double Click on the NSX Manager IP Address.
Click Exclusions List.
Select the VM(s) you want to exclude and click the arrow to move them to the exclusion list.
And there you have it!
- HOWTO: Deploy the VMware NSX Controller(s) ()
- HOWTO: Deploy and Configure the VMware NSX Manager Virtual Appliance - Part 3 ()
- HOWTO: Deploy and Configure the VMware NSX Manager Virtual Appliance - Part 2 ()
- HOWTO: Deploy and Configure the VMware NSX Manager Virtual Appliance - Part 1 ()
- HOWTO: Configuring VMware NSX Licensing ()