After you publish new Distributed Firewall Rules, how can you verify that each VM affected
by the new rules have them in fact, working at their vNic?
Yes, you can fetch it via NSX Manager as well
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
One way of checking is like below
1.vsipioctl getfilters
2.vsipioctl getrules -f nic-2739622-eth0-vmware-sfw.2(give the respective filtername)
3.For active connections/flows you can use getconnections/getflows instead of getrules command.
That's very helpful. Thank you. On this consult gig I don't think I have access to the ESXi hosts unfortunately.
Only access to NSX, VRNI, vCenter. Perhaps access to the CLI NSX. Perhaps a thought on verifying the
push with one of those tools?
Vmwre docs provide more details around it, Troubleshooting Distributed Firewall
Yes, you can fetch it via NSX Manager as well
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.