What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.AE.
In VMware NSX-T Data Center, a distributed firewall (DFW) is a firewall that is distributed across all hypervisors and VMs in a data center. It provides network security by inspecting and filtering traffic at the virtual machine (VM) interface level. When configuring a distributed firewall rule, there are various options to define the scope of the rule. The two valid options for configuring the scope of a distributed firewall rule are:
A. Group: A group is a collection of objects that share common characteristics. For example, you can create a group of VMs based on their operating system or application type. When configuring a DFW rule, you can specify a group as the scope, and the rule will apply to all objects within that group.
B. Tier-1 Gateway: A Tier-1 Gateway is a logical router that provides north-south connectivity between NSX-T logical switches and external networks. When configuring a DFW rule, you can specify a Tier-1 Gateway as the scope, and the rule will apply to all traffic that passes through the gateway.
C. Segment Port: A segment port is a virtual interface on a VM that connects to an NSX-T logical switch. When configuring a DFW rule, you can specify a segment port as the scope, and the rule will apply to all traffic that passes through that port.
D. Segment: A segment is a virtual network created within NSX-T. When configuring a DFW rule, you can specify a segment as the scope, and the rule will apply to all traffic within that segment.
E. DFW: DFW itself is also a valid option when configuring a DFW rule. When you select this option, the rule applies to all traffic that passes through the distributed firewall.
In summary, the two valid options when configuring the scope of a distributed firewall rule are Group and Tier-1 Gateway.