Tuesday, March 5, 2019

Your opinion is needed regarding firewalling...

I recently did a project for a large customer for micro-seg. It was NSX in this case but could be physical/virtual firewall/NGFW/ACI... At the end of the day, they are all still firewall rules...

I came in initially planning to do the project based on VM name and IP/subnet, with a small number of specific known services via TCP/UDP ports. But Mr. Customer wanted to filter traffic for their 200+ VMs in their primary DC by TCP/UDP destination ports... I was trying to convince them but failed... They simply pulled out the excuse that they need micro-segmentation...

So let's discuss here: what is micro-segmentation? Also, what is the best practice for designing firewall rule sets?


