---
title: "Administración de firewall de puerta de enlace en NSX (EN)"
description: "Learn how to manage gateway firewalls"
url: https://docs.ovhcloud.com/es/guides/hosted-private-cloud/powered-by-vmware/nsx-manage-gateway-firewall
lang: es
lastUpdated: 2023-02-27
---
# Administración de firewall de puerta de enlace en NSX (EN)

## Objective

Gateway Firewall allows filtering between internal segments and the network outside the incoming or outgoing cluster.

It works on the North-South (Tier-0 Gateways) and East-West (Tier-1 Gateways) gateways if the source or destination is not inside the cluster.

If you want to create filtering rules between internal segments, you will need to use distributed firewall using our guide on [distributed firewall management](/es/guides/hosted-private-cloud/powered-by-vmware/nsx-manage-distributed-firewall.md).

**Learn how to manage gateway firewalls.**

:::warning
OVHcloud provides services for which you are responsible, with regard to their configuration and management. It is therefore your responsibility to ensure that they work properly.

This guide is designed to assist you as much as possible with common tasks. However, we recommend contacting a [specialist provider](https://partner.ovhcloud.com/es-es/directory/) if you experience any difficulties or doubts when it comes to managing, using or setting up a service on a server.

:::

## Requirements

- Being an administrative contact of your [Hosted Private Cloud infrastructure](https://www.ovhcloud.com/es-es/enterprise/products/hosted-private-cloud/) to receive login credentials.
- A user account with access to the <ManagerLink to="/">OVHcloud Control Panel</ManagerLink>.
- Having **NSX** deployed with one segment configured in your NSX configuration. You can use our guide on [segment management in NSX](/es/guides/hosted-private-cloud/powered-by-vmware/nsx-segment-management.md) for more information.

## Instructions

We will create a strategy to improve the visibility and administration of rules based on their usefulness.

Next, we will add a rule within our strategy that blocks access to the entire external network of a cluster from a group that contains a segment (you can use our [Distributed Firewall Management](/es/guides/hosted-private-cloud/powered-by-vmware/nsx-manage-distributed-firewall.md) guide to create groups) and **any** for the destination.

Go to the `Security
` tab, select `Gateway Firewall
` and click `\+ ADD POLICY
`.
![01 Create gateway firewall rules 01](/images/hosted-private-cloud/powered-by-vmware/nsx-06-manage-gateway-firewall/01-create-gateway-firewall-rules01.png)
Select `ovh-T0-gw
` to the right of **Gateway**
, name your policy `my policy
` below the **Name**
 column and click the `three vertical dots
` to the left of your policy.
![01 Create gateway firewall rules 02](/images/hosted-private-cloud/powered-by-vmware/nsx-06-manage-gateway-firewall/01-create-gateway-firewall-rules02.png)
Click `Add Rule
` in the menu.
![01 Create gateway firewall rules 03](/images/hosted-private-cloud/powered-by-vmware/nsx-06-manage-gateway-firewall/01-create-gateway-firewall-rules03.png)
Name your rule `block segment1 to any
` below the **Name**
 column.
![01 Create gateway firewall rules 04](/images/hosted-private-cloud/powered-by-vmware/nsx-06-manage-gateway-firewall/01-create-gateway-firewall-rules04.png)
Click on the `pen
` to the right of "Any" in the **Source**
 column.
![01 Create gateway firewall rules 05](/images/hosted-private-cloud/powered-by-vmware/nsx-06-manage-gateway-firewall/01-create-gateway-firewall-rules05.png)
Stay in the `Group
` tab, select the `g-segment1
` group and click `APPLY
`.
![01 Create gateway firewall rules 06](/images/hosted-private-cloud/powered-by-vmware/nsx-06-manage-gateway-firewall/01-create-gateway-firewall-rules06.png)
Choose `Drop
` under the **Action**
 column and click `PUBLISH
`.
![01 Create gateway firewall rules 07](/images/hosted-private-cloud/powered-by-vmware/nsx-06-manage-gateway-firewall/01-create-gateway-firewall-rules07.png)
Your rule is active on the **ovh-T0-gw** gateway, it blocks all outgoing traffic from members of the **g-segment01** group.

## Go further [](#)
[Getting started with NSX](/es/guides/hosted-private-cloud/powered-by-vmware/nsx-first-steps.md)

[Segment management in NSX](/es/guides/hosted-private-cloud/powered-by-vmware/nsx-segment-management.md)

[Distributed Firewall management](/es/guides/hosted-private-cloud/powered-by-vmware/nsx-manage-distributed-firewall.md).

[VMware Gateway Firewall in NSX Documentation](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-A52E1A6F-F27D-41D9-9493-E3A75EC35481.html)

If you need training or technical assistance to implement our solutions, contact your sales representative or click on [this link](https://www.ovhcloud.com/es-es/professional-services/) to get a quote and ask our Professional Services experts for a custom analysis of your project.

Join our community of users on [https://community.ovh.com/en/](https://community.ovh.com/en/).