Hey garethholder​,

Everytime you create a new DFW rule it pushes it directly to the ESXi so if you want to start applying traffic segmentation you can do it immediately without the necessity of cleaning the VTEP table which could cause you connectivity issues.

Are you referring you DFW rules ?   We have  session timers  -Create a Session Timer , those are global values which will have direct impact on the sessions. What are we trying to achieve ?

Hi,

Thanks for the replies.  NSX is set to pass all traffic and I am outputting default any any rule logs to a syslog server.  I am creating rules as I see the access on the syslog server and disabling logging for the newly created rules so I only capture what I need to create rules for.  Traffic to our PLC's are in the connections/state table and I dont see log entries for them once connected.  I would like to clear the connections table down if possible on the next production stop to force them to reconnect so I can see if I have missed any rules.  Hope this make sense.

Thanks

Hi Gareth,

If you are referring to the flows in DFW session, you can clear them by adding VM(s) to Exclusion List, then remove it.

Adding VM(s) to Exclusion list will remove the VM(s) from DFW which would clear the connection

Refer to this KB:

Linux virtual machines with NFSv3 mounts experience an operating system hang after more than 15 minu...

• Add the affected virtual machine to the NSX Manager exclusion list, and then remove it from the exclusion list. This removes all currently tracked flows and re-applies the Firewall. For more information, see the Exclude Virtual Machines from Firewall Protection section in the NSX Administration Guide.