Issue:
I wanted to lock down my NSX Edge Gateway SSL VPN portal to a specific IP range. As you are not allowed to put a custom rule above a system-defined rule on the edge itself, I needed a workaround.
Resolution:
In the vCenter web client, go to HOME -> Network & Security -> Firewall -> Add rule (green + sign)
Add an accept (SSL_VPN_EDGE) and a deny (SSL_VPN_EDGE_BLOCK) rule – as highlighted in the screenshot below:
Note: Ensure this is applied to the Edge only.
Then go back to your NSX Edge:
Go to HOME -> Network & Security -> NSX Edges -> {Select Edge in question} -> Firewall
You'll now see the rules applied above the system rules.