VMware NSX

  • 1.  DFW rule sprawl and a systemised approach

    Broadcom Employee
    Posted 30 days ago

    Hello Experts,

    Do any of you have experience around DFW rule sprawl and a systemised approach for the reduction of rules? In addition, using any automation/scripting to reduce the number of rules and duplicates?

    Thank you



  • 2.  RE: DFW rule sprawl and a systemised approach

    Posted 26 days ago

    Ssalam Mohammed,

    A few years ago, we needed to migrate more than 1700 rules from NSX-v to NSX-T and we used PowerCLI scripts for that. It took around 3 minutes (plus some hours of scripting). So I guess it's a good way to identify duplicates with some scripting/programming ingenuity.

    Good Luck!

    Yassir
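
The duplicate check discussed in this thread, as an added example that is not part of the original posts and is not a VMware/Broadcom script. It assumes the rules of one policy have already been exported as a list of dictionaries using NSX Policy API Rule field names (`source_groups`, `destination_groups`, `services`, `scope`, `action`, `sequence_number`); the group and service paths are constructed sample values.

```python
from collections import defaultdict

G = "/infra/domains/default/groups/"  # constructed group path prefix
# Constructed sample rules from one policy (field names assumed, see lead-in).
RULES = [
    {"id": "r1", "sequence_number": 10, "action": "ALLOW",
     "source_groups": [G + "web", G + "app"], "destination_groups": [G + "db"],
     "services": ["/infra/services/MySQL"]},
    {"id": "r2", "sequence_number": 20, "action": "ALLOW",   # same as r1, lists reordered
     "source_groups": [G + "app", G + "web"], "destination_groups": [G + "db"],
     "services": ["/infra/services/MySQL"]},
    {"id": "r3", "sequence_number": 30, "action": "DROP",    # same match, other action
     "source_groups": [G + "web", G + "app"], "destination_groups": [G + "db"],
     "services": ["/infra/services/MySQL"]},
    {"id": "r4", "sequence_number": 40, "action": "ALLOW",
     "source_groups": ["ANY"], "destination_groups": [G + "dns"],
     "services": ["/infra/services/DNS"]},
    {"id": "r5", "sequence_number": 50, "action": "ALLOW", "disabled": True,
     "source_groups": ["ANY"], "destination_groups": [G + "dns"],
     "services": ["/infra/services/DNS"]},
]
MATCH_FIELDS = ("source_groups", "destination_groups", "services", "scope")

def match_key(rule):
    """Order-independent fingerprint of the traffic a rule matches."""
    sets = tuple(frozenset(rule.get(f) or ["ANY"]) for f in MATCH_FIELDS)
    return sets + (rule.get("direction", "IN_OUT"),
                   bool(rule.get("sources_excluded", False)),
                   bool(rule.get("destinations_excluded", False)))

def _group(rules, key):
    """Bucket enabled rules by key in evaluation order; keep buckets of 2 or more."""
    buckets = defaultdict(list)
    for r in sorted(rules, key=lambda r: r["sequence_number"]):
        if not r.get("disabled", False):
            buckets[key(r)].append(r)
    return [g for g in buckets.values() if len(g) > 1]

def find_duplicates(rules):
    """Rule ids with identical match and action; the first id is evaluated first."""
    return [[r["id"] for r in g]
            for g in _group(rules, lambda r: match_key(r) + (r["action"],))]

def find_conflicts(rules):
    """(winner, shadowed ids): same match, different action, never reached."""
    out = []
    for g in _group(rules, match_key):
        losers = [r["id"] for r in g[1:] if r["action"] != g[0]["action"]]
        if losers:
            out.append((g[0]["id"], losers))
    return out
```

This only catches exact matches after normalisation; rules that overlap through nested groups or broader services, and rules that are simply unused, need hit-count or flow data to identify.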




  • 3.  RE: DFW rule sprawl and a systemised approach

    Posted 25 days ago

    Salaam Yaasir,

    Thank you for the update. Any idea where I can get a script which helps me find unused firewall rules and duplicate DFW rules?

    Thank you.




  • 4.  RE: DFW rule sprawl and a systemised approach

    Broadcom Employee
    Posted 24 days ago

    Why don't you use Aria Operations for Networks?

    https://docs.vmware.com/en/VMware-vRealize-Network-Insight/6.9/com.vmware.vrni.using.doc/GUID-1B933DF3-02C3-4F28-BE97-7DBCD9F4E6B3.html