Contributor

VRNI Application to NSX Firewall Rules

Hello,

I've installed vRealize Network Insight (vRNI), built an application in vRNI, and then exported the firewall rules generated by the application.

There's no great way to import the exported vRNI firewall rules into NSX (either a distributed firewall section, or Service Composer with security tags, security groups, etc.)?

Does anyone know of a procedure to accomplish this and/or make this task nimble to perform?

4 Replies
VMware Employee

The option to export as XML that can be pushed to the NSX API only works when you're grouping by Security Group. That said, if you've already got NSX deployed, you can pre-build security groups there rather than building applications in vRNI, and export the rules that way.

Contributor

Hi,

I've been working with VMware support, who gave me examples of how to do every piece of the process using the REST API: security tags, security groups, firewall rules, etc.

This isn't a nimble process.

Thank you for the reply.

Enthusiast

Please be aware that unfortunately VMware is not able to provide scripts or script debugging support. VMware can guide you to documentation and any examples provided within the documentation; however, it is not able to help script the actual input/output that may be required for a given environment. This would need to be tested by trial and error outside the realm of VMware support. API scripting would also fall under this umbrella. The vRNI API does provide examples of how this output may be gathered from vRNI through the API; however, automating this API output and then inputting it into NSX would not be supported.

Enthusiast

Decided to use this one, "AutoNSX": https://digitout.net/services/autonsx/. The DevOps team is truly happy with it. No scripts, workflow-based, log information is available, RBAC for which user/admin segments which application, AD integrated. Actually, we are using it as an automation tool for micro-segmentation in a brownfield environment. It creates all objects in NSX, like security groups, sections, and tags, and adds tags to the VMs that are listed in vRNI as an application; basically, everything that has to be created manually is automated. I would say it is simple to use: even if an admin is not familiar with the NSX interface, there will be no issues doing micro-segmentation.
