VMware Networking Community
KKSAdmin
Enthusiast
Enthusiast
‎09-06-2018 07:46 AM

Migrate NSX-V rules to NSX-T

We are in the process of migrating from NSX-V to NSX-T.

Many of our DFW rules leverage virtual machines as objects which does not appear to be a paradigm within NSX-T.

Is there any PowerCLI available that will assist in collecting the IPs for each VM object and rewriting the rules using IP addresses?

We know there is a migration tool in the works, but we are looking for something now.

Thanks in advance!

0 Kudos
2 Replies
bayupw
Leadership
Leadership
‎09-06-2018 12:08 PM

You can try PowerNSX-DFW2Excel which is now part of NSX-PowerOps

DFW2Excel can export VM Info which will list VMs, IP address and VM ID that you are after

pastedImage_2.png

There is also a sheet on Security Group and you can do a lookup on VM_info by VM name or VM ID to get the IP address

pastedImage_9.png

Lastly there is also a sheet on the layer 3 firewall rules so you can do another lookup (maybe create a new column) to map the Security Group to IP address

pastedImage_10.png

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
KKSAdmin
Enthusiast
Enthusiast
‎09-07-2018 09:49 AM

Funny you mentioned this.  I had used this before and was thinking about using this as a basic for rebuilding groups/IPSets and rules on the NSX-T side.

It will be a bid tedious but do-able.

Thanks!

0 Kudos