Re: Export of DFW from NSXT

bikashyadav · ‎10-25-2023

Any one aware of any PowerCLI module or script to export NSXT DFW rule in csv format ?

Appreciate any input.

Sreec · ‎10-25-2023

You can export the security policies from the NSX U.I in CSV format

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

bikashyadav · ‎11-02-2023

yes that option is there but i was looking for a better formatted data. As the one we get from the gui export is little more of data which again needs to be formatted per requirement.

Sreec · ‎11-06-2023

Another option would be to leverage VMware Aria Operations for Networks

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

bikashyadav · ‎11-06-2023

Thanks i will explore vrops and see if it suffice my requirement.

EvertAM · ‎11-10-2023

Not PowerCLI, but you should be able to retrieve all DFW rules through the API as well.

Loop through this to get all policy id's:
GET /policy/api/v1/infra/domains/<domain-id>/security-policies

Then use the results to loop through this to get an overview of all the rule-ids within each policy:
GET /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/rules

And finally, you could loop this to get the details for every rule within the policy:
GET /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>

This should allow you to output it all in JSON.
Alternatively, consider managing the rulebase through IaC, that should give you a permanent overview of your rules in a repository.