VMware Networking Community
durgaprasadnarn
Enthusiast

Firewall action result

I would like to know if NSX has any feature like the "Packet-trace" command in the Cisco ASA Firewall.

The requirement is to know whether a specific VM has access to talk to any external IP or any other VM. We observed that it is difficult to confirm the result with Flow Monitoring.

If there is any API or any other way to see whether the packet is allowed or not, please let me know.

Thanks in advance

amolnjadhav
Enthusiast

Hi Durga,

   1. Have you tried the Traceflow utility in NSX? It is very helpful for troubleshooting if the source and destination are part of NSX.

     Use Traceflow for Troubleshooting

   2. You can try capturing the packet on the Edge if your destination is outside of NSX.

     Gathering Troubleshooting Data

     Example:

     debug packet display interface vNic_0 host_192.168.20.2_and_tcp_port_443_or_tcp_port_80

Please consider marking this answer "correct" or "helpful" if you think your query has been answered correctly.

Regards,
Amol Jadhav
VCP NSXT | VCP NSXV | VCIX6-NV | VCAP-DCA | CCNA | CCNP - BSCI