VMware Networking Community
elieqt
Enthusiast
Enthusiast
‎10-14-2019 12:46 PM

DFW Rule

Hello,

By mistake I have changed the default policy on the distribution firewall from Allow to Block and after that all network traffic stopped to the virtual machines. I'm not able to access the vCenter to rollback the policy, is there any way to change the policy from CLI on NSX Manager?

0 Kudos
1 Reply
mauricioamorim
VMware Employee
VMware Employee
‎10-14-2019 01:36 PM

You can manage the DFW using APIs, which are directed to the NSX Manager. Take a look at API guide: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/nsx_64_api.pdf

Here is a blog post with some examples to help you out: NSX Distributed Firewall Sections and Rules via APIs – Eat Sleep Virtualize Repeat

If you are desperate you can use an API call to reset the DFW to default config, which will solve your problem but you will have to re-create all your rules. For this procedure refer to VMware Knowledge Base

Best practice states that vCenter should be added to the DFW exclusion list.

0 Kudos