vRealize Network Insight guide to importing recommended DFW rules to NSX-T or a VMC SDDC using a Python script.
4/27/21 - NOTE: Updated to handle paginated results for services and security groups. Updated to populate security groups with IP memberships.
Pre-requisites:
Follow steps below:
Step: Download script by clicking Download button on this page
IF VMC:
Step: Copy VMC Refresh token
Login to https://console.cloud.vmware.com/
Click My Account -> API Tokens tab -> Generate Token or Regenerate an existing token
Token must have NSX Cloud Admin service role under VMC on AWS service.
Copy token
Step: Collect SDDC ID and VMC Organizational ID
Select VMware Cloud on AWS under My Services -> Click desired SDDC -> Click Support
Copy Org ID and SDDC ID
IF NSX-T:
Step: Copy NSX-T Manager or VIP URL (https://manager.fqdn/)
Note: Must use the full URL, including https:// and the trailing /
Step: Export application rules
Step:
***NOTE*** To populate security groups with IP memberships (vRNI Version 6.2 and up only), select 'yes' when prompted. Each time the script is run with this option selected, the security groups in question will be overwritten with the IPs in the file you select. If populating security groups with this script, firewall rules will apply to 'DFW' instead of security groups, due to an issue where groups consisting of only IP addresses, MAC addresses, or Active Directory groups cannot be used in the "Applied to" text box.
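The URL rule and the IP-membership behaviour in the note above, as an added example that is not code from the downloadable script. It assumes the NSX-T Policy API group path and IPAddressExpression body; the function names, the "default" domain, the "web-tier" group and the sample addresses are constructed, and the refusal of a /0 entry is an extra pre-flight check.

```python
import ipaddress
from urllib.parse import urlparse

def check_manager_url(url):
    """Enforce the guide's rule: full URL with https:// and a trailing /."""
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.netloc or not url.endswith("/"):
        raise ValueError(f"expected https://manager.fqdn/ style URL, got {url!r}")
    return url

def build_ip_group(group_id, entries, domain="default"):
    """Return (policy path, body) for a group made up only of IP members.

    Sending the body replaces the group's expression, so the previous
    membership is overwritten, as the note describes.
    """
    members = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        net = ipaddress.ip_network(entry)  # ValueError on junk or host bits
        if net.prefixlen == 0:
            # Added safety check (not from the guide): never match everything.
            raise ValueError(f"{entry} covers every address")
        text = str(net.network_address) if net.num_addresses == 1 else str(net)
        if text not in members:
            members.append(text)
    if not members:
        raise ValueError(f"no usable addresses for group {group_id}")
    body = {
        "display_name": group_id,
        "expression": [
            {"resource_type": "IPAddressExpression", "ip_addresses": members}
        ],
    }
    return f"/policy/api/v1/infra/domains/{domain}/groups/{group_id}", body

def rule_scope(group_paths, populated_with_ips):
    """Pick the rule's "Applied to": IP-only groups fall back to the DFW."""
    return ["ANY"] if populated_with_ips else list(group_paths)

if __name__ == "__main__":
    check_manager_url("https://manager.fqdn/")
    # Constructed sample membership; the real input is the file chosen at the prompt.
    path, body = build_ip_group("web-tier", ["10.0.0.5", "10.0.1.0/24", "10.0.0.5"])
    print(path, body, rule_scope([path], populated_with_ips=True))
```

Running the membership file through a check like this before answering 'yes' shows exactly which addresses will replace the group's current contents.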
Contributors:
Trey Tyler <Ttyler@vmware.com>
Kevin Forbes <Kforbes@vmware.com>