Message Image

Skip main navigation (Press Enter).

VMware NSX

View Only

Back to discussions

Expand all | Collapse all

DFW Rule

elieqtOct 14, 2019 07:46 PM

Hello, By mistake I have changed the default policy on the distribution firewall from Allow to Block ...

Mauricio Queiroz Santos AmorimOct 14, 2019 08:36 PM

You can manage the DFW using APIs, which are directed to the NSX Manager. Take a look at API guide: ...

1. DFW Rule

0 Recommend
elieqt
Posted Oct 14, 2019 07:46 PM

Reply Reply Privately
Hello,
By mistake I have changed the default policy on the distribution firewall from Allow to Block and after that all network traffic stopped to the virtual machines. I'm not able to access the vCenter to rollback the policy, is there any way to change the policy from CLI on NSX Manager?
2. RE: DFW Rule

0 Recommend
Broadcom Employee

Mauricio Queiroz Santos Amorim
Posted Oct 14, 2019 08:36 PM

Reply Reply Privately
You can manage the DFW using APIs, which are directed to the NSX Manager. Take a look at API guide: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/nsx_64_api.pdf
Here is a blog post with some examples to help you out: NSX Distributed Firewall Sections and Rules via APIs – Eat Sleep Virtualize Repeat
If you are desperate you can use an API call to reset the DFW to default config, which will solve your problem but you will have to re-create all your rules. For this procedure refer to VMware Knowledge Base
Best practice states that vCenter should be added to the DFW exclusion list.

Copyright 2024. All rights reserved.

Powered by Higher Logic