firewall/sections/<section_id>/rules shows some ob...

Cloudistan · ‎08-06-2019

Hi,

when running the Get firewall/sections/<section_id>/rules API, some of source/destination/appliedTo objects are prefixed with "default." :

the name of the security group is Nsx_AAA but i see it as "default.Nsx_AAA"

"sources": [

{

"target_id": "51b9313d-c5c7-4b72-9ea7-efc591b72af8",

"target_display_name": "default.Nsg_AAA",

"target_type": "NSGroup",

"is_valid": true

}

]

So two questions:

1) what does the default prefix represent?

2) is there a way to request the data without that prefix? i need to correlate between objects in the rule to existing SG's and when retrieving the SG's i dont have that prefix, meening i have to drop the default prefix from objects in rules, is there a flag i can use to avoid it?

lmoglie · ‎08-07-2019

Hi Cloudistan,

forgive me the question. Which NSX version are you referring??

I tried with GET /api/4.0/firewall/globalroot-0/config and even whit GET /api/4.0/firewall/globalroot-0/config/layer3sections/1005/ (as you can see on picture bellow, where 1005 is the section id o layer3) but, I don't get your result "default.".

More reference can be found here.

Best Regards

LM

Cloudistan · ‎08-19-2019

Hi Imogile,

I'm talking about NSX-T.

Help will be appreciated

lmoglie · ‎08-29-2019

Hi Cloudistan,

I tried for curiosity on my lab on NSX-T environment, but I can't see the prefixed "default."

I don't really know where it comes from. Now I'm curious to know

Regards,

LM

mauricioamorim · ‎08-29-2019

Same here. Didn't find those.

DaleCoghlan · ‎09-10-2019

Those objects are created by the NSX Policy Manager. The "default" references the domain in which the were created.

To query the rules you need to use the policy API. It will be something like /policy/api/v1/infra/domains/default/security-policies/<security-policy-id>/rules

All

firewall/sections/<section_id>/rules shows some object with the prefix of "default."