This particular use-case is to implement network security to allow or block network access to certain applications/servers in the datacenter, depending on the logged-on user in a horizon view environment.

This we will achieve using a feature of VMware NSX that is Identity based firewalling.

Let’s first connect NSX to Active Directory. This step can be completed on the NSX Manager under manage -> domains. Add the domain you want to use to NSX:

Once AD sync is completed. now , we need to chose an AD group inside NSX “Grouping Object”.

1. Go to Grouping Objects
2. Click on + sign, a New Window will open, provide a proper Name.
3. Click on + sign
4. Choose “Entity” from drop down.
5. Click on the next box , it will open a list of AD groups.
6. Choose your AD group

Go to IP Sets and lets create an IP set , these will contain the list of IPs which we don’t want users to access.

1. Click on + Sign.
2. Enter descriptive Name.
3. Enter IP address to block.
4. Click OK.

Now Lets’ go to Firewall and create a Rule.

• Click in Firewall
• Click on + Sign.
• Give a descriptive Name.
• Chose Group , that we have created in Grouping Object , in our case it is “Demo”.
• Choose IP Set , that we have created in IP set , in our case “no_access_server”.
• Chose “Block” as we would need to block the traffic.

I hope this should be useful and helpful. Please Review and comment.