Utilize NSX DFW to control "IP Protocol 41" traffic
search cancel

Utilize NSX DFW to control "IP Protocol 41" traffic

book

Article ID: 416116

calendar_today

Updated On:

Products

VMware NSX VMware vDefend Firewall

Issue/Introduction

"IP Protocol 41" is one of IPv6-over-IPv4 encapsulation.
This article describes how to configure the right service which can be applied to NSX vDefend firewall to control this kind of traffic.

 

Environment

VMware NSX
VMware vDefend Firewall

Resolution

To control the "IP Protocol 41" traffic, Either create a new service or use Raw Porto-protocols by select "service type" as "IP" and "additional properties" as "IPv6".
Then apply them as the "services" in NSX firewall rules.

Eg. for Services

For Raw Port-Protocols

Below is an example in lab which the "allow" rule use the customized service and the "deny" rule utilize Raw Port-Protocols.

Powered by Wolken Software