VMware Networking Community
Czernobog
Expert
Expert

NSX API - Filter Firewall Configuration with wildcards?

I have tagged existing firewall rules with tags, which correspond to the security group names where the vm's the rules are applied to reside. The NSX Appliance is part of a vRA environment, where users can provision VMs themselves and where some NSX DFW rules are applied by default and some can be set by the users themselves. I now want to give my users the ability to get a list of firewall rules that are applied on VM's owned by them or their business groups.

In the NSX DFW you can only apply one tag to each rule, but in my case I would have to apply more than one tag. I try to solve this by combining tags into one string and separating them with commas, for example: "DevGroup1,BusinessGroup2,ClientDepartment3" etc. Now if I wanted to filter out rules applied to "ClientDepartment3" I would have to use a wildcard in my URL, which would look like this:

https://NSXFQDN/api/4.0/firewall/globalroot-0/config?ruleType=LAYER3&tag=*ClientDepartment3*

This does not work and returns an empty response. I've tried different wildcard symbols and also applying a "&wildcard=true" to the URL. I don't exactly know how the server handles wildcards and if it is even possible to apply those in an URL. The API 6.2 documentation does not mention wildcards.

Is there a way to get a filter like that to work? Maybe with a regex instead of plain wildcard symbols?

Tags (2)
Reply
0 Kudos
1 Reply
jcrubino
Contributor
Contributor

Hi,

I'm having a similar request. Have you found a way to filter this ?

Thanks

Reply
0 Kudos