In NSX/Networking & Security/Firewall we have perhaps 20 different firewalls set up, each with a number of rules.
I want to be able to quickly search for a VM or IP address and find out which firewall(s) refer to this specific host.
By the same token, I would like to be able to go to NSX/Networking & Security/NSX Edges and search all edges
for the existence of a particular VM or IP address.
Any advice on how to go about these searches? Thank you.
Could you explain what you are referring to when you talk about a host? An ESXi host, a guest VM, or something else?
If you are using Security Composer, you will have visibility on which Security Policy is applied on a specific VM or the other way around which VMs get which Security Policy.
For the edge, are you trying to identify which edge is a particular VM connected to?
Are you looking for a solution through the vSphere Web Client UI, or can it be anything (REST API, PowerNSX, etc.)?
I am not sure if I understood your question clearly.
If you are looking to search for which firewall policy is applied to a particular VM, just use the filter option as shown in the attached screenshot.
Select the VM for which you are looking for the firewall policies and search; it will show you all the firewall policies applied.
For host - I am referring to either the IP address of a particular guest VM or the name of a specific VM. If I could search also by
name of a virtual server or pool - bonus points.
When I go to NSX Edge I want to find the same: a particular IP address of a guest VM, VM guest name, virtual server or pool.
The issue is that a ticket comes in requesting a tweak to a certain load balancer configuration or firewall. They may
send me a host name or virtual server name. I end up hunting through several NSX Edge/Load Balancer configs or firewall
sets manually to try and hunt down where I should be aiming my efforts. There's surely a better way. 🙂
Sorry, didn't see the reply from bayupw.
You can probably use the REST API / a vRO workflow to take an IP address as input, then search across all Edges/Firewalls and return the Edge name.
Or maybe write a function based on the PowerNSX NSX Edge Load Balancer cmdlets (Get-NsxEdge | Get-NsxLoadBalancer) to find a value such as an IP address and return the Edge name/Edge-ID.
I don't think this feature is available out of the box.
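As an added example of the PowerNSX approach suggested above (this is not code from the thread or from PowerNSX itself): a function that walks every NSX Edge's load balancer configuration and returns the Edge name and ID for any virtual server, pool or pool member whose name or IP address matches a search term. It assumes an existing Connect-NsxServer session; the cmdlets used are real PowerNSX cmdlets, but the function name is mine and the .name/.id/.ipAddress/.poolId properties are assumed from the NSX Edge load balancer XML.

```powershell
# Added example, not from the thread or PowerNSX. Assumes Connect-NsxServer has
# already been run and that the PowerNSX cmdlets return the NSX Edge XML elements
# with the .name/.id/.ipAddress/.poolId properties referenced below (assumption).
function Find-NsxEdgeLbReference {
    [CmdletBinding()]
    param(
        # VM name, virtual server name, pool name or IP address to look for
        [Parameter(Mandatory = $true)]
        [string]$SearchTerm
    )

    # Small helper so every hit is reported in the same shape
    function New-Hit ($Edge, $Type, $Name, $Value) {
        [PSCustomObject]@{
            EdgeName   = $Edge.name
            EdgeId     = $Edge.id
            ObjectType = $Type
            ObjectName = $Name
            Value      = $Value
        }
    }

    foreach ($edge in Get-NsxEdge) {
        $lb = $edge | Get-NsxLoadBalancer
        if (-not $lb) { continue }   # this Edge has no load balancer configured

        # Virtual servers: match on VIP name (substring) or VIP address (exact)
        foreach ($vip in ($lb | Get-NsxLoadBalancerVip)) {
            if ($vip.name -like "*$SearchTerm*" -or $vip.ipAddress -eq $SearchTerm) {
                New-Hit $edge 'VirtualServer' $vip.name $vip.ipAddress
            }
        }

        # Pools: match on pool name; members: match on member name or member IP
        foreach ($pool in ($lb | Get-NsxLoadBalancerPool)) {
            if ($pool.name -like "*$SearchTerm*") {
                New-Hit $edge 'Pool' $pool.name $pool.poolId
            }
            foreach ($member in ($pool | Get-NsxLoadBalancerPoolMember)) {
                if ($member.name -like "*$SearchTerm*" -or $member.ipAddress -eq $SearchTerm) {
                    New-Hit $edge 'PoolMember' "$($pool.name)/$($member.name)" $member.ipAddress
                }
            }
        }
    }
}

# Usage: Find-NsxEdgeLbReference -SearchTerm '10.0.0.25' | Format-Table -AutoSize
```

The same loop shape, with Get-NsxEdge feeding the Edge's firewall cmdlets instead of the load balancer ones, covers the per-Edge firewall rule search the question also asks about.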
Try using traceroute to find the NSX Edge and Traceflow to find the DFW rule.
Unfortunately Traceflow cannot have an NSX Edge in the path between Source and Destination VMs
VMware Documentation Library - Use Traceflow for Troubleshooting
http://networkinferno.net/whats-new-in-nsx-6-2-traceflow