Re: NSX Firewall Rule Testing

vmmedmed · ‎08-04-2017

Is there somewhere in NSX where I can test if a packet will be allowed or denied without having to generate the traffic from (or to) a VM?

e.g. put in Source 10.10.10.100, Destination 10.20.10.100 and TCP port 3306...will it pass or not? In Palo Alto Networks there's

a "test sec policy" I believe that does this.

bayupw · ‎08-05-2017

If you are on NSX 6.3, try exploring Application Rule Manager

Application Rule Manager (ARM) Practical Implementation - Healthcare - Network Virtualization

Else you can try Traceflow

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

All

NSX Firewall Rule Testing