Highlighted
Contributor
Contributor

firewall/sections/<section_id>/rules shows some object with the prefix of "default."

Hi,

when running the Get firewall/sections/<section_id>/rules API, some of source/destination/appliedTo objects are prefixed with "default." :

the name of the security group is Nsx_AAA but i see it as "default.Nsx_AAA"

"sources": [

     {

           "target_id": "51b9313d-c5c7-4b72-9ea7-efc591b72af8",

           "target_display_name": "default.Nsg_AAA",

          "target_type": "NSGroup",

          "is_valid": true

     }

]

So two questions:

1) what does the default prefix represent?

2) is there a way to request the data without that prefix? i need to correlate between objects in the rule to existing SG's and when retrieving the SG's i dont have that prefix, meening i have to drop the default prefix from objects in rules, is there a flag i can use to avoid it?

0 Kudos
5 Replies
Highlighted
Enthusiast
Enthusiast

Hi Cloudistan,

forgive me the question. Which NSX version are you referring??

I tried with GET  /api/4.0/firewall/globalroot-0/config and even whit GET  /api/4.0/firewall/globalroot-0/config/layer3sections/1005/ (as you can see on picture bellow, where 1005 is the section id o layer3) but, I  don't get your result "default.".

Schermata 2019-08-07 alle 10.45.04.png

More reference can be found here.

Best Regards

LM

0 Kudos
Highlighted
Contributor
Contributor

Hi Imogile,

I'm talking about NSX-T.

Help will be appreciated

0 Kudos
Highlighted
Enthusiast
Enthusiast

Hi Cloudistan,

I tried for curiosity on my lab on NSX-T environment, but I can't see the prefixed "default."

I don't really know where it comes from. Now I'm curious to know

Regards,

LM

0 Kudos
Highlighted
VMware Employee
VMware Employee

Same here. Didn't find those.

0 Kudos
Highlighted
VMware Employee
VMware Employee

Those objects are created by the NSX Policy Manager. The "default" references the domain in which the were created.

To query the rules you need to use the policy API. It will be something like /policy/api/v1/infra/domains/default/security-policies/<security-policy-id>/rules

0 Kudos