VMware NSX-T 3.2 Analyzing URL Traffic

Posted by

FQDN Analysis allows administrators to gain insight into the type of websites accessed within the organization, and understand the reputation and risk of the accessed websites.

How to configure:

Security > North South Security > URL Analysis

You need to enable the service which is disabled by default

Highlight your edge and click enable

Yes but only if you really mean it

Confirm the status is up – this can take a while

Next we will be creating Custom Context Profiles for URL Analysis

While remaining on the URL Analysis > Settings tab

Click Set under Profiles

Add Context Profile

Provide a name then click Set under Attributes

Add Attribute

URL Category

I tend to select all options but you could just select what you are analyzing for

Apply

Next we need to create a Gateway Firewall Rule for the T1 Router in our environment

+Add Policy

Then Provide the Policy a name

Next we need to add a rule

Add Rule

Give the Rule a name like URL Rule

Leave Sources as Any

Leave Destination as Any

Click services

Add DNS and DNS-UDP

Apply

Click the edit under Context Profiles

Select DNS then apply

Apply

Finally, leave the T1 default and allow as default.

Publish

Generate web traffic

Log into one of your internet facing virtual machines and go to different web pages.

Also, you can log into your Link Virtual machines and ping websites

After waiting 5-15 minutes the URL Analysis should begin reporting

Now you can review reputation scores, the reputation and category distributions, etc.

Leave a Reply