Skip main navigation (Press Enter).

VMware NSX

Back to discussions

Expand all | Collapse all

NSX Stateful Firewall - Connection Table

Jump to Best Answer

leotagliettiAug 26, 2022 06:30 PM

Hello. I'm using L4 stateful distributed firewall and I would like to know if it's possible to see the ...

aggarwalvinay31Aug 28, 2022 06:30 AMBest Answer

On ESXi host, vsip module maintains rules and flow table. You can use vsipioctl command to get connections ...

1. NSX Stateful Firewall - Connection Table

Recommend
leotaglietti
Posted Aug 26, 2022 06:30 PM

Reply Reply Privately
Hello.
I'm using L4 stateful distributed firewall and I would like to know if it's possible to see the current "connection table" that it's used by a stateful firewall to check the flow is related to some active connection.
2. RE: NSX Stateful Firewall - Connection Table
Best Answer

Recommend
aggarwalvinay31
Posted Aug 28, 2022 06:30 AM

Reply Reply Privately
On ESXi host, vsip module maintains rules and flow table. You can use vsipioctl command to get connections or flow stats on VM.
Use summarize-dvfilter to get filter name.
vsipioctl getconnections -f <dvfilter-name> -t <refresh interval in seconds>

On KVM, conntrack module keep track of connections.
ovs-appctl dpctl/dump-conntrack -m
You can refer below documents for more information on dfw troubleshooting.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-7BCCF652-7825-4023-A5F3-A7F3B112A9F1.html
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-E7A7C5BE-C23E-4E6A-8B73-F9DBB54AC5F1.html
Hope this helps.

Copyright 2024. All rights reserved.

Powered by Higher Logic

Global message icon