I am getting into the world of VMware's NSX product for the purpose of micro-segmenting VMs in the datacenter. That is to say, living in the same network space but not being able to talk to one another. One of the problems I am running into with using the Distributed Firewall (DFW) is allowing outbound internet access while at the same time maintaining micro-segmentation.
If I were to create an any/any/any allow rule, it would allow the VMs to talk to one another. The only solution I have come up with is to place denies between the clusters and use the allow rule. However, this seems messy to me and I have to believe (at this point) that NSX has a better solution for this. I have tried throwing in an Edge Services Gateway, but I don't know enough about it to do anything different than can be done with DFW.
Any ideas or things to try would be greatly appreciated.
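The following is an added illustration, not code from the original poster or from VMware. It models the DFW as an ordered, first-match-wins rule list (which is how the DFW evaluates rules) and compares the any/any/any policy from the question against a policy whose egress rule is scoped by destination: an "Internet" destination defined as anything outside the RFC 1918 ranges, a narrow tier-to-tier allow, and a final deny. The VM addresses, tier groups, rule names and port numbers are constructed for the example; the policy shape is the point, not the specific values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed example addresses (hypothetical; not from the original post).
WEB = "10.1.1.10"          # web01
WEB2 = "10.1.1.11"         # web02, same tier as web01
DB = "10.1.1.20"           # db01
INTERNET = "203.0.113.5"   # documentation range standing in for a public host

# Security-group style membership, as the DFW would express it with groups.
WEB_TIER = {WEB, WEB2}
DB_TIER = {DB}

# "Internal" = the RFC 1918 ranges; an "Internet" destination is anything else.
# Assumption: the datacenter uses only RFC 1918 space internally.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


# A match predicate receives (src_ip, dst_ip, dst_port).
Match = Callable[[str, str, int], bool]


@dataclass(frozen=True)
class Rule:
    name: str
    match: Match
    action: str  # "allow" or "deny"


def evaluate(rules: List[Rule], src: str, dst: str, dport: int) -> Tuple[str, str]:
    """First-match-wins, top to bottom, as the DFW applies its rule table.

    Returns (action, name_of_matching_rule). Every policy below ends with an
    explicit catch-all, so the fallback is only a safety net.
    """
    for rule in rules:
        if rule.match(src, dst, dport):
            return rule.action, rule.name
    return "deny", "no-match"


def any_any(src: str, dst: str, dport: int) -> bool:
    return True


def to_internet(src: str, dst: str, dport: int) -> bool:
    # Egress is allowed by *destination*, so VM-to-VM traffic never matches.
    return not is_internal(dst)


def web_to_db_sql(src: str, dst: str, dport: int) -> bool:
    return src in WEB_TIER and dst in DB_TIER and dport == 3306


# The policy from the question: one any/any/any allow. Everything matches it,
# including web01 -> db01, so there is no segmentation at all.
NAIVE: List[Rule] = [Rule("allow-all", any_any, "allow")]

# A segmented policy: outbound internet by destination, one narrow tier
# rule, and a final deny that catches every other east-west flow.
SEGMENTED: List[Rule] = [
    Rule("allow-egress-internet", to_internet, "allow"),
    Rule("allow-web-to-db-3306", web_to_db_sql, "allow"),
    Rule("default-deny", any_any, "deny"),
]


if __name__ == "__main__":
    flows = [(WEB, INTERNET, 443), (WEB, DB, 3306), (WEB, DB, 22), (WEB, WEB2, 80)]
    for label, policy in (("naive", NAIVE), ("segmented", SEGMENTED)):
        for src, dst, port in flows:
            action, rule = evaluate(policy, src, dst, port)
            print(f"{label:9} {src} -> {dst}:{port:<5} {action:5} ({rule})")
```

Two things the model makes visible. First, rule order is the whole game: if "allow-all" sat above "default-deny" the deny would be dead, which is exactly what the any/any/any rule in the question does. Second, scoping the egress allow by destination (everything not internal) rather than by source means no VM-to-VM flow can ride on it, so the per-cluster deny rules the poster was hand-placing become one default deny at the bottom. Real NSX adds details the model leaves out (stateful return traffic, "applied to" scope, and the option to negate a source or destination group instead of maintaining an explicit "not internal" set), but the ordering and destination-scoping logic carries over unchanged.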