The web application in this example relies on three virtual servers:
- A web server,
- An application server, and
- A database server.
Each server is connected to its own virtual network.
The Distributed Logical Router (Distributed-Router) interconnects these three virtual networks, while the perimeter router (Perimeter-Gateway) connects the physical network to these three virtual networks through a virtual transit network (Transit-Network).
The perimeter router also performs address translation:
- Source NAT to allow servers to communicate with the Internet,
- Destination NAT to redirect requests from a public address to the web server.
In this architecture, the rules of the distributed firewall integrated into NSX (perimeter router) resemble the following: