VMware NSX

  • 1.  Search for unused rules in DFW NSX

    Posted Feb 04, 2019 12:35 PM

    Hi.

    Currently, we have about 2k thousand rules on DFW NSX.

    I suspect that some of them are tired and are no longer used.

    How can I analyze a large number of rules?

    Maybe PowerNSX can help? Or vRealize Log Insight?




  • 2.  RE: Search for unused rules in DFW NSX

    Broadcom Employee
    Posted Feb 04, 2019 05:21 PM

    If you have vRealize Network Insight in the environment you can just use the "nsx firewall rule where flow is not set" query to see all rules that haven't had a flow match them in the time period you're looking at.



  • 3.  RE: Search for unused rules in DFW NSX
    Best Answer

    Posted Feb 04, 2019 09:27 PM

    Hello,

    Yes, as lhoffer said, if you are using vRNI you can query for firewall rules that are not used (there’s no traffic going through them) as below:

    This will be a workaround showing the NSX firewall rules where flows are seen by removing the ’not’ operator. Keep in mind you need to have NSX send the IPFIX traffic flows to Network Insight for this to work as per the following: NSX Distributed Firewall Inactive Rules

    Cheers,

    VCIX6-NV|VCP-NV|VCP-DC|

    @KakHassan

    linkedin.com/in/hassanalkak



  • 4.  RE: Search for unused rules in DFW NSX

    Broadcom Employee
    Posted Sep 01, 2022 08:00 AM

    Hi Hassan,

    If we are not having vRNI then is there any workaround to pull out/export/filter the information/report of the unused firewall rules instead of checking the graphs of the individual firewall rule?

     



  • 5.  RE: Search for unused rules in DFW NSX

    Broadcom Employee
    Posted Sep 01, 2022 08:02 AM

    Hi Hassan,

    If we are not having vRNI in the NSX-T/NSX-V environment then is there any way to pull out/export/filter information/report of unused firewall rules collectively instead of checking the graphs of the individual firewall rule?



  • 6.  RE: Search for unused rules in DFW NSX

    Posted May 11, 2020 07:20 PM

    What is the difference between Hit count and Flow?

    In the graphic I see a high Hit count, but 0 for the flow count.