VMware Networking Community
rssauer71
Contributor

Copy firewall rules between Edges

Hi,

We have a Cross vCenter NSX setup, where Site A is active and Site B is passive.

I have configured firewall rules on the Edge at site A.

I want to copy those firewall rules to the Edge at site B.

What would be the easiest method?

Thanks, Raymond


Accepted Solutions
cnrz
Expert

Misunderstood. The question is related to the Edge Firewall, whose rules are not replicated automatically:

Support Matrix for NSX Services in Cross-vCenter NSX

To manage rule and object consistency on both sides automatically, provisioning and automation tools such as vRA, Terraform, Ansible, PowerNSX or NSXAnsible could be used. If the rules do not change frequently, a script similar to the following (the link is for vShield Edge) could be helpful:

vCloud API and PowerCLI – Import/Export vShield Edge FW Rules – vScratchpad
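
One way to script the copy described in the answer above, as an added example that is not from this thread or from the linked vScratchpad script. It assumes the Site A Edge firewall configuration has already been exported as XML; the element names (`firewallRule`, `ruleType`, `groupingObjectId`, `applicationId`) and the sample export are assumptions constructed for illustration and should be checked against the API guide for your NSX version.

```python
"""Added example: prepare an exported Edge firewall config for import on another Edge."""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an Edge firewall export (assumed schema).
SAMPLE_EXPORT = """<firewall>
  <enabled>true</enabled>
  <defaultPolicy><action>deny</action></defaultPolicy>
  <firewallRules>
    <firewallRule><id>131074</id><ruleTag>131074</ruleTag><name>firewall</name>
      <ruleType>internal_high</ruleType><action>accept</action></firewallRule>
    <firewallRule><id>131080</id><ruleTag>131080</ruleTag><name>web-in</name>
      <ruleType>user</ruleType><action>accept</action>
      <destination><groupingObjectId>ipset-12</groupingObjectId></destination>
      <application><applicationId>application-55</applicationId></application></firewallRule>
    <firewallRule><id>131081</id><ruleTag>131081</ruleTag><name>ssh-mgmt</name>
      <ruleType>user</ruleType><action>accept</action>
      <source><ipAddress>10.0.0.0/24</ipAddress></source></firewallRule>
  </firewallRules>
</firewall>"""

SITE_LOCAL_REFS = ("groupingObjectId", "applicationId")  # IDs scoped to one NSX Manager

def prepare_for_import(export_xml, id_map=None):
    """Return (xml_for_target, unresolved_refs) for the target Edge."""
    id_map = id_map or {}
    root = ET.fromstring(export_xml)
    rules = root.find("firewallRules")
    unresolved = []
    for rule in list(rules):
        # System-generated rules are recreated by the target Edge itself.
        if rule.findtext("ruleType") != "user":
            rules.remove(rule)
            continue
        # Drop identifiers assigned by the source Edge.
        for tag in ("id", "ruleTag"):
            for el in rule.findall(tag):
                rule.remove(el)
        # Remap object references; collect anything with no Site B equivalent.
        for el in rule.iter():
            if el.tag in SITE_LOCAL_REFS:
                if el.text in id_map:
                    el.text = id_map[el.text]
                else:
                    unresolved.append((rule.findtext("name"), el.text))
    return ET.tostring(root, encoding="unicode"), unresolved
```

Review the unresolved list and create or map those objects at Site B before importing, so that every copied rule matches the same traffic it matched at Site A.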

cnrz
Expert

With Cross-vCenter configuration, Universal dFW section objects and rules configured on the Primary Site replicate to the secondary site automatically.

These links could be helpful:

Universal Firewall Rules

Add a Universal Firewall Rule

Create Universal Security Policies with Cross-VC NSX active/active site deployments - Iwan’s wiki

Multi-site with Cross-VC NSX: Consistent Security and Micro-segmentation Across Sites - Network Virt...

rssauer71
Contributor

Hi Canero,

Thanks for the info.

I'll have a look at these tools.

Cheers, Ray
