Topology

The web application in this example relies on three virtual servers:

• A web server,
• An application server, and
• A database server.

 

Each server is connected to its own virtual network.

The Distributed Logical Router (Distributed-Router) interconnects these three virtual networks, while the perimeter router (Perimeter-Gateway) connects the physical network to these three virtual networks through a virtual transit network (Transit-Network).

The perimeter router also performs address translation:

• Source NAT to allow servers to communicate with the Internet,
• Destination NAT to redirect requests from a public address to the web server.

In this architecture, the rules of the distributed firewall integrated into NSX (perimeter router) resemble the following: