VMware Networking Community
ajmats
Contributor
Contributor
‎04-28-2016 11:34 PM

Concerns with DFW

Hi Experts,

thanks for the advise regarding "When editing rules while we have a filter, and publishing them, the rules that were filtered out are deleted" . We had the same issue and have upgraded to version 6.2.2. It sure has fixed the problem. But now we face other issues.

Hope you may be able to help us.

1) I am not able to edit any rule which I have filtered. And since we have numerous rules in our environment under different sections its become really difficult to scroll through our rules and find there rule we need to edit.

the only option that it allows to edit when the filter is applied is the enable rule check mark. Other than that all other fields are locked down.

2)Also is there a way to search for a section? We do have a rule name filter but i can't find how to search for a section.

3) Also when i add a new rule in a section below, the page jumps to the first line of the configuration. Making it difficult to scroll through the numerous rules we have to identify the new rule I am trying to create under the section.

4) Is there a way to move sections quicker than just one line/step at a time?

5) We have provided the maximum resources possible for NSX and still when we try to export configuration it takes 30 minutes. is this normal ?

we still see more configuration to be added in the near future. Will that mean the time that it takes will become even more?

6) Is there a way to convert the XML file into excel. I have tried different types of converters but the content always gets jumbled.

7) As we are in a dynamically changing environment we have objects (VM) created and deleted all the time. We have experienced an issue when there are rules existing for a deleted object, rules cannot be published until these rules are deleted manually. We are also submitting rules using the REST-API through our custom portal. So will this mean that all rules that were submitted (manually / REST-API) when there is a deleted object in on of the existing rules would fail ?

Is there any way to get around this and just prompt for stale rules instead of preventing publishing new rules.

Would hope to hear from experts.

Best Regards,

Aj

Tags (1)
0 Kudos
3 Replies
bayupw
Leadership
Leadership
‎05-14-2016 10:39 AM

Hi, try to open a case to VMware Support / GSS for each of the issue.

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
abruggemanNL
Contributor
Contributor
‎05-20-2016 03:02 AM

Hi Aj,

I share your concerns, unfortunately I can't answer all your questions.

Concerning 1) In the upper right corner of the access-list, select the "Rule ID" checkbox. This adds a column with the rule ID, which doesn''t change, like the rule number does.

It's not perfect, but it may help finding back the right rules.

Concerning 3) according to the release notes this should be fixed in 6.2.2. But according to your experience, it's not. I haven't upgraded yet.

Overall, I heard NSX 6.3 would be released in the coming month. The things you mention should really be fixed by VMware.

Regards,

Albert

0 Kudos
ajmats
Contributor
Contributor
‎06-10-2016 10:03 PM

to add to the list.

😎 Some times a single rule push takes over 25 minutes. Any way to improve this ?

9)  there is no notification of deleted VM. I understand that it shows up once i login and view the GUI, but when we need to make a change we are prompted with several faulty/stale rules becasue the object is missing and its a pain to identify and clear this when we need to push some rules urgently.  Is there any way to notify as and when a VM gets deleted, so the regular cleanup task will prevent our issue of being stuck during a rule push.

Best Regards,

Ajay Mathews

0 Kudos