VMware NSX

  • 1.  DFW rule sprawl and a systemised approach

    Broadcom Employee
    Posted Jun 15, 2024 02:49 AM

    Hello Experts,

    Do any of you have experience around DFW rule sprawl and a systemised approach for the reduction of rules? In addition, using any automation/scripting to reduce the number of rules and duplicates?

    Thank you



  • 2.  RE: DFW rule sprawl and a systemised approach

    Posted Jun 19, 2024 11:59 AM

    Ssalam Mohammed,

    A few years ago, we needed to migrate more than 1700 rules from NSX-v to NSX-T and we used PowerCLI scripts for that. It took around 3 minutes (plus some hours of scripting). So I guess it's a good way to identify duplicates with some scripting/programming ingenuity.

    Good Luck!

    Yassir




  • 3.  RE: DFW rule sprawl and a systemised approach

    Posted Jun 20, 2024 12:48 PM

    Salaam Yaasir,

    Thank you for the update. Any idea where I can get a script which helps me find unused firewall rules and duplicate DFW rules?

    Thank you.




  • 4.  RE: DFW rule sprawl and a systemised approach

    Broadcom Employee
    Posted Jun 21, 2024 03:38 AM

    Why not use Aria Operations for Networks?

    https://docs.vmware.com/en/VMware-vRealize-Network-Insight/6.9/com.vmware.vrni.using.doc/GUID-1B933DF3-02C3-4F28-BE97-7DBCD9F4E6B3.html
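
The duplicate detection by scripting discussed in this thread, sketched as an added example that is not part of any post and not VMware's or the posters' code. It assumes the rules of one security policy have already been exported as JSON in NSX Policy API rule shape and are listed in evaluation order; the sample rules and group paths are constructed.

```python
# Fields of an NSX Policy API rule that decide which traffic it matches.
SET_FIELDS = ("source_groups", "destination_groups", "services", "profiles", "scope")

def match_key(rule):
    """Order-insensitive fingerprint of a rule's match criteria (action excluded)."""
    parts = [frozenset(rule.get(f) or ["ANY"]) for f in SET_FIELDS]
    parts += [
        bool(rule.get("sources_excluded", False)),
        bool(rule.get("destinations_excluded", False)),
        rule.get("direction", "IN_OUT"),
        rule.get("ip_protocol", "IPV4_IPV6"),
    ]
    return tuple(parts)

def find_redundant(rules):
    """Return (duplicates, conflicts) as lists of (earlier_id, later_id).

    duplicates: same match and same action as an earlier enabled rule.
    conflicts: same match, different action, so the later rule never fires.
    """
    first_seen, duplicates, conflicts = {}, [], []
    for rule in rules:
        if rule.get("disabled"):
            continue  # a disabled rule neither shadows nor is shadowed
        earlier = first_seen.setdefault(match_key(rule), rule)
        if earlier is rule:
            continue
        target = duplicates if earlier["action"] == rule["action"] else conflicts
        target.append((earlier["id"], rule["id"]))
    return duplicates, conflicts

# Constructed sample data (hypothetical groups and rule ids).
G, S = "/infra/domains/default/groups/", "/infra/services/"
SAMPLE_RULES = [
    {"id": "r1", "action": "ALLOW", "source_groups": [G + "web", G + "lb"],
     "destination_groups": [G + "app"], "services": [S + "HTTPS"]},
    {"id": "r2", "action": "ALLOW", "source_groups": [G + "lb", G + "web"],
     "destination_groups": [G + "app"], "services": [S + "HTTPS"], "scope": ["ANY"]},
    {"id": "r3", "action": "ALLOW", "source_groups": [G + "app"],
     "destination_groups": [G + "db"], "services": [S + "MySQL"]},
    {"id": "r4", "action": "DROP", "source_groups": [G + "app"],
     "destination_groups": [G + "db"], "services": [S + "MySQL"]},
    {"id": "r5", "action": "ALLOW", "disabled": True, "source_groups": [G + "web", G + "lb"],
     "destination_groups": [G + "app"], "services": [S + "HTTPS"]},
]

if __name__ == "__main__":
    print(find_redundant(SAMPLE_RULES))
```

This only catches rules whose match criteria are identical after normalisation; rules that overlap through group membership, and unused rules (which need hit counts or flow data), are outside what it checks.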