VMware Networking Community
thomasross
Enthusiast

How do I audit the NSX firewall rules?

Our auditor is not happy with a manually created spreadsheet which we have. And exporting the rules provides an XML format. I imported this into an Excel spreadsheet but the header metadata is meaningless. How can I have meaningful metadata?

Basically, how can I have something I can export on a real-time basis that shows the firewall rules in a meaningful way?

One more question: is there a place in the NSX firewall rule where I can type in a description of the rule?

Thanks

Tommy

0 Kudos
2 Replies
rajeevsrikant
Expert

You can add the description either in the name field or in the comments field.

Normally we define any specific description about the rules/policies in the comment field.

It is hidden by default. You need to select it manually to make it visible.


0 Kudos
rajeevsrikant
Expert

I have not tested it from my end, but the links below say it is possible via PowerCLI.

They have explained how to achieve it.

https://tonysangha.com/2016/10/20/documenting-the-nsx-v-dfw-with-powernsx/

GitHub - tonysangha/PowerNSX-DFW2Excel: Export the NSX for vSphere Distributed Firewall to MS Excel

0 Kudos
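
Added example (not from the thread or from the PowerNSX-DFW2Excel project): one way to flatten the XML export mentioned in the question into a CSV with meaningful column headers, including the rule's comment field as a description. The element names (`section`, `rule`, `notes`, `sources` and so on) and the sample data are assumptions constructed for illustration; check them against your own export.

```python
import csv, io
import xml.etree.ElementTree as ET
# Constructed sample export; element names are assumptions, check them against your own file.
SAMPLE = """<firewallConfiguration><layer3Sections>
<section id="1003" name="Web Tier">
  <rule id="1007" disabled="false" logged="true">
    <name>Allow HTTPS to web</name><action>allow</action>
    <notes>CHG-0001 public web access</notes>
    <sources excluded="false"><source><name>Corp-Net</name><value>ipset-2</value></source></sources>
    <destinations excluded="false"><destination><name>SG-Web</name><value>securitygroup-10</value></destination></destinations>
    <services><service><name>HTTPS</name><value>application-67</value></service></services></rule>
  <rule id="1008" disabled="false" logged="false"><name>Default deny</name><action>deny</action></rule>
</section></layer3Sections></firewallConfiguration>"""

COLUMNS = ["section", "rule_id", "name", "action", "enabled", "logged",
           "sources", "destinations", "services", "description"]

def members(rule, container, item):
    """Join member names of sources/destinations/services; a missing container means 'any'."""
    node = rule.find(container)
    if node is None:
        return "any"
    names = "; ".join(m.findtext("name") or m.findtext("value") or "?" for m in node.findall(item))
    return f"NOT ({names})" if node.get("excluded") == "true" else names

def flatten_rules(xml_text):
    """Return one dict per rule, keyed by COLUMNS, in the order the rules appear."""
    rows = []
    for section in ET.fromstring(xml_text).iter("section"):
        for rule in section.findall("rule"):
            rows.append({
                "section": section.get("name", ""),
                "rule_id": rule.get("id", ""),
                "name": rule.findtext("name", ""),
                "action": rule.findtext("action", ""),
                "enabled": "no" if rule.get("disabled") == "true" else "yes",
                "logged": "yes" if rule.get("logged") == "true" else "no",
                "sources": members(rule, "sources", "source"),
                "destinations": members(rule, "destinations", "destination"),
                "services": members(rule, "services", "service"),
                "description": rule.findtext("notes", ""),  # the comments field
            })
    return rows

def to_csv(rows):
    """Render the flattened rules as CSV text that opens directly in Excel."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Rules that come out with an empty `description` or `logged` set to `no` are the ones an auditor is likely to ask about first.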