Yes, you have many ways to see it in the VRNI.
1. If it has been collecting for a few hours, you can see it in planning for the VM or for a group ...
2. If the collector is integrated in NSX, you will see the flows directly at the VM in vCenter under Monitor/Flow Monitoring.
3. You can even build your own application mapping in VRNI. Then you will see the whole traffic in the so-called 360 degree view. There you will even see allowed and dropped flows; it is the same as the view of a VM.
But you can also see the flows and packet dropping in vRealize Log Insight, with the NSX expansion pack.
So there are many more ways to visualize the flows in VRNI.
Here is my scenario:
1. I registered vCenter and NSX Manager into vRNI (it has been running for almost two weeks)
2. I configured a dFW rule (rule name: TEMP) in NSX and the action is allow
3. This has been running for two weeks
4. I want to see if this dFW rule TEMP got hits and what traffic flows are hitting it
5. I then will add other dFW rules above TEMP for those traffic flows which are legit
6. I then turn the TEMP rule action to block.
So for my scenario, where should I go inside vRNI to get the information I need?
1. Look in the NSX Web Client to check whether the Collector Node is registered and active under IPFIX.
2. Check on your TEMP rule whether logging is active. The default is logging off.
3. Look at your rule and take the rule ID.
4. After you have this information, you can go to the vCenter Web Client. Then you can choose a VM which has this firewall rule applied.
5. Then, under Monitor/Flow Monitoring, you will see the flows. There you will see the allowed and blocked flows.
6. Under allowed flows, you will maybe see a flow which matches your rule ID.
7. It is even easier to define a block rule and build up a Security Group for a VM. Then you will see the match under blocked flows.
Another way: in VRNI you can use the search line and take the VM where the name is like 'VM-NAME'.
Then you will even see your rule ID under flows if the rule matches.
I do have the VRNI added as an IPFIX collector and my TEMP rule is enabled for logging. As a matter of fact, I can filter on the ruleID of TEMP in Log Insight to see the flow, but just not in VRNI...
There are too many VMs in the environment to use search by VM-NAME in VRNI. I tried to search by ruleid but got an empty page in VRNI...
To see the applied firewall rules, we need the following items:
1. ESX IPFIX
2. NSX IPFIX
Both should be collected by the same vRNI Collector. If you already have the same configuration and are not seeing the rules, kindly open a Support Request with the vRNI support team.
Karthic Kumar,
Sr.MTS. vRealize Network Insight.
This gives me the information I am looking for inside VRNI, in case anyone else is searching as well.
flow where firewall ruleid = 2147483656