slinuxuzer2
Contributor
Contributor

VRNI Recommend Rules Export/Import Question

Jump to solution

Hello all, wondering if anyone can assist with a few questions. I recently noticed that when exporting VRNI recommended rules as CSV my VRNI seems to summarize physical machines into the CSV as "Other entities", I'm reading that in order to import recommended rules into NSX I need to use XML exports and the exports have to be based on Security Groups or Application Tiers. A couple questions.

1. When we say security groups, do we mean NSX Security groups that VRNI is discovering?

2. When we say application-Tiers, do we mean VRNI configured application Tiers? If so what does this equate do in NSX upon import, do the "Tiers" get created in NSX as security groups?

3. What options are available for importing the XML items into NSX? Is it raw API only, or is there a UI or GUI tool?

Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
smitmartijn
VMware Employee
VMware Employee

Hi,

The "Other" entities can be found in the interface. When using the donut and before you get to the recommended firewall rules, there is a magnifying glass on the line of the "Other" entities, which will list them out for you. You can export those to CSV separately.

1. A "Security Group" can currently be an NSX SG or an AWS SG.

2. Everything application related inside vRNI is a part of its own application constructs. They'll be translated to security groups in the XML export, yes.

3. There is an import tool available, but it's not publically available because GSS does not support it. Contact your local NSBU rep for the tool.

Hope that helps,

View solution in original post

0 Kudos
3 Replies
smitmartijn
VMware Employee
VMware Employee

Hi,

The "Other" entities can be found in the interface. When using the donut and before you get to the recommended firewall rules, there is a magnifying glass on the line of the "Other" entities, which will list them out for you. You can export those to CSV separately.

1. A "Security Group" can currently be an NSX SG or an AWS SG.

2. Everything application related inside vRNI is a part of its own application constructs. They'll be translated to security groups in the XML export, yes.

3. There is an import tool available, but it's not publically available because GSS does not support it. Contact your local NSBU rep for the tool.

Hope that helps,

View solution in original post

0 Kudos
slinuxuzer2
Contributor
Contributor

Thank you so much for your prompt and detailed response, you've been a big help.

0 Kudos
tanurkov
Enthusiast
Enthusiast

I’m using this tool AutoNSX from Migrate recommended firewall rules from VMware vRNI to NSX | Export firewall rules from vRNI to NSX  . What it does it create all rules /export them from vRNI / and create all related objects in NSX v and NSX T . It’s very powerful. Give it a try

0 Kudos