VMware Networking Community
KingMatthew
Contributor

Before you delete a VM, how do you search to see if it is in the NSX Firewall?

Hey Everyone,

What is the easiest way to search for VMs / IPs that may be defined in an NSX Firewall rule so that it doesn't error when you delete the VM?

I would want to search for the name of the VM and the IP in source, destination and any group memberships.

Thanks everyone,

Matthew

2 Replies
NicolasAlauzet

Hi there!

What kind of error are you getting when you try to delete the VM?

You should not get any kind of NSX firewall error when deleting a VM from ESXi. That's part of the magic of NSX, that the rules stop applying to the object when it is gone from your inventory. (So it's easy to have "firewall rules deletion")

Can you share the specific task and error screenshot?

Cheers

-------------------------------------------------------------------
Triple VCIX (CMA-NV-DCV) | vExpert | MCSE | CCNA
RLRHart
Contributor

I have the same question as Matthew. I can understand once the VM gets deleted that it will get removed from any group where it is defined as a VM, that's fine. If you have it defined as an IP address, how can you search to see if the IP address has been used in any rules via a group?

But also, with Matthew's point, if you could see the rules that it is using before it is deleted, you could find a rule that now needs deleting as it was specific to that VM? Would this be covered by using the filter on the rule set? If so, is there any way to prevent it showing rules where '* Any' is used?

Richard

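One way to run the search asked about in this thread offline, as an added example that is not part of the original posts and is not VMware code: it looks for a VM name or IP in rule sources, destinations and group memberships, and skips 'Any' entries unless asked. The rule and group layout is a simplified, constructed stand-in (an assumption, not the NSX API schema), and the names `GROUPS`, `RULES`, `ip_in_entry` and `find_references` are hypothetical.

```python
import ipaddress

# Constructed sample export in a simplified layout (an assumption, not NSX's API schema).
GROUPS = {
    "web-tier": {"vms": ["web01", "web02"], "ips": []},
    "legacy-db": {"vms": [], "ips": ["10.0.5.20", "10.0.6.0/24"]},
    "backup-range": {"vms": [], "ips": ["10.0.5.10-10.0.5.30"]},
}
RULES = [
    {"id": 1001, "name": "web-to-db", "source": ["web-tier"], "destination": ["legacy-db"]},
    {"id": 1002, "name": "backup", "source": ["backup-range"], "destination": ["ANY"]},
    {"id": 1003, "name": "db-admin", "source": ["ANY"], "destination": ["10.0.5.20"]},
    {"id": 1004, "name": "allow-dns", "source": ["ANY"], "destination": ["ANY"]},
]

def ip_in_entry(ip, entry):
    """True if ip falls inside entry: a single address, a CIDR block or an a-b range."""
    addr = ipaddress.ip_address(ip)
    try:
        if "-" in entry:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return lo <= addr <= hi
        return addr in ipaddress.ip_network(entry, strict=False)
    except (ValueError, TypeError):
        return False  # entry is a group or VM name, or a different IP version

def find_references(rules, groups, vm_name, ip, include_any=False):
    """Return (rule id, field, matched entry) for every rule that references the VM or IP."""
    hits = []
    for rule in rules:
        for field in ("source", "destination"):
            for entry in rule[field]:
                if entry == "ANY":
                    if include_any:
                        hits.append((rule["id"], field, "ANY"))
                    continue  # 'Any' matches everything, so it says nothing about this VM
                group = groups.get(entry)
                if group is not None:
                    matched = vm_name in group["vms"] or any(ip_in_entry(ip, e) for e in group["ips"])
                else:
                    matched = entry == vm_name or ip_in_entry(ip, entry)
                if matched:
                    hits.append((rule["id"], field, entry))
    return hits

if __name__ == "__main__":
    for hit in find_references(RULES, GROUPS, "web01", "10.0.5.20"):
        print(hit)
```

Rules that match only through a static IP entry, such as rule 1003 in the sample, are the ones that stay in place after the VM object is gone and need manual review.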