ReSTNSX - Import/Export Firewall Rules between different NSX Managers

If you're reading this article, I'm guessing that, like many of us, you've experienced the problem of managing policies between NSX managers that are not connected via Cross vCenter NSX. We have multiple NSX managers, possibly in Dev/Test/Production or just set up in a virtual environment identical to production for testing purposes, and we need to get firewall rules from one into another without spending all day writing ReST API scripts to do it for us.

The big problem is that objects in NSX/vCenter have unique IDs. For example, a logical switch has a unique ID, and if a firewall rule is created using that object, there is no way to reference it in a rule on another isolated NSX manager instance (since it doesn't exist in that vCenter/NSX inventory).

In this article, we will show you how to do this with ReSTNSX.

First, we will log in to ReSTNSX.

*note - There is an online demo environment available upon request if you would like to test.

Next, we will ensure we have the right NSX manager selected in the top right corner of the screen, then expand Operations and select Firewall.

In the Firewall Rule interface, you will see all the firewall rules for the NSX manager you have selected. You can click the menu and select "Export Rules" to export all the configured rules in .csv format. From here, you can open the .csv file and manipulate the data however you see fit.

*note - We have customers that have converted third-party firewall rules, such as those from an ASA, into NSX rules using this tool. They first used workflows to create IPSets and Security Groups from .csv data defining the ASA object-groups, then used those IPSets in firewall rules imported here.
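The object-ID problem described earlier matters when the exported .csv is edited by hand: an ID such as `ipset-2` can exist on both managers and name different objects. The sketch below is an added example, not part of the original article or of ReSTNSX; the CSV columns, the two inventories and the function name are assumptions constructed for illustration. It remaps IDs by object name and holds back any rule that references an object missing on the target.

```python
import csv
import io
import re

# NSX-v style object IDs, e.g. securitygroup-10, ipset-2, virtualwire-5.
OBJECT_ID = re.compile(
    r"\b(?:securitygroup|ipset|virtualwire|applicationgroup|application)-\d+\b")

# Constructed sample export; the column layout is hypothetical.
EXPORT_CSV = """name,source,destination,service,action
web-to-db,securitygroup-10,ipset-2,application-55,allow
mgmt-ssh,ipset-4,virtualwire-5,application-21,allow
deny-all,any,any,any,block
"""
# Constructed inventories: source manager ID -> name, target manager name -> ID.
SOURCE_NAMES = {"securitygroup-10": "web-tier", "ipset-2": "db-servers",
                "application-55": "MySQL", "ipset-4": "jump-hosts",
                "virtualwire-5": "mgmt-ls", "application-21": "SSH"}
TARGET_IDS = {"web-tier": "securitygroup-31", "db-servers": "ipset-7",
              "guest-wifi": "ipset-2",  # same ID as the source, different object
              "MySQL": "application-55", "jump-hosts": "ipset-9",
              "SSH": "application-40"}

def remap_rules(csv_text, source_names, target_ids):
    """Return (importable_rows, unresolved) after remapping object IDs by name."""
    rows, unresolved = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        missing = set()

        def swap(match):
            old_id = match.group(0)
            new_id = target_ids.get(source_names.get(old_id))
            if new_id is None:          # object unknown on the target manager
                missing.add(old_id)
                return old_id
            return new_id

        for column in ("source", "destination", "service"):
            row[column] = OBJECT_ID.sub(swap, row[column])
        if missing:
            # Never import a rule with a stale ID: it may match another object.
            unresolved.append((row["name"], sorted(missing)))
        else:
            rows.append(row)
    return rows, unresolved

if __name__ == "__main__":
    ok, held = remap_rules(EXPORT_CSV, SOURCE_NAMES, TARGET_IDS)
    for r in ok:
        print("import:", r)
    for name, ids in held:
        print("hold back:", name, "missing on target:", ids)
```

Rules reported as held back need their objects created on the target manager first; importing them unchanged could attach the rule to whatever object happens to own that ID there.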

Next we will change the NSX manager to the one we are importing rules into.

Note that ReSTNSX is a manager of managers. You can add multiple NSX managers and switch between them, executing shared workflows across them.

After ensuring we have selected the NSX manager into which we will import the rules exported in a previous step, we will take a look at the rules already defined on that NSX manager.

Next, we will click the same menu we used to export the rules and select Import. On the Rule import page, we can either merge the imported rules into the existing ones or replace all defined rules with the ones we are importing. Select the appropriate options, click the upload button, and select the .csv file you exported in a previous step. Then select "Import".

And Voila! You should now see all the rules on one NSX manager in this NSX manager!

Version history
Revision #: 1 of 1
Last update: 04-01-2018 02:58 PM