VMware NSX Firewalling using AD Groups

This particular use-case is to implement network security to allow or block network access to certain applications/servers in the datacenter, depending on the logged-on user in a horizon view environment.

This we will achieve using a feature of VMware NSX that is Identity based firewalling.

Let’s first connect NSX to Active Directory. This step can be completed on the NSX Manager under manage -> domains. Add the domain you want to use to NSX:







Once AD sync is completed. now , we need to chose an AD group inside NSX “Grouping Object”.

  1. Go to Grouping Objects
  2. Click on + sign, a New Window will open, provide a proper Name.
  3. Click on + sign
  4. Choose “Entity” from drop down.
  5. Click on the next box , it will open a list of AD groups.
  6. Choose your AD group



Go to IP Sets and lets create an IP set , these will contain the list of IPs which we don’t want users to access.

  1. Click on + Sign.
  2. Enter descriptive Name.
  3. Enter IP address to block.
  4. Click OK.



Now Lets’ go to Firewall and create a Rule.

  • Click in Firewall
  • Click on + Sign.
  • Give a descriptive Name.
  • Chose Group , that we have created in Grouping Object , in our case it is “Demo”.
  • Choose IP Set , that we have created in IP set , in our case “no_access_server”.
  • Chose “Block” as we would need to block the traffic.


I hope this should be useful and helpful. Please Review and comment.


1 thought on “VMware NSX Firewalling using AD Groups

  1. Pingback: VMware NSX Firewalling using AD Groups | VMTECHIE

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s