VMware Cloud Community
Carlos_E
Enthusiast

vCloud Director 8.20 and NSX 6.3.1 - How to disable distributed firewall for a tenant?

Hi guys,

I posted this on the NSX forum but didn't get a response; perhaps this forum is more appropriate.

I've been reading a lot (a lot lot lot), and I have other questions in regards to the NSX-vCloud Director way of working, but I want to keep this question simple, so here it goes:

- When I want to enable the Distributed Firewall functionality on a vCloud Director tenant, I'm presented with this screen:

[Screenshot: pastedImage_0.png]

With a clear way to enable it.

Now a couple of questions,

1) How do I go about disabling the Distributed Firewall functionality on a vCloud Director tenant?

I haven't found any "disable" button anywhere and have googled and read almost everything; the only thing I could figure is to delete the rules that are shown on that screen? Is this the "correct" way to disable the Distributed Firewall functionality for a vCloud Director tenant?

2) I guess if that's the way to disable it, then to re-enable it I should just add new rules on that screen?

This is how that screen looks for a different customer after I have deleted all of the rules; it's not 100% clear to me if this means that the Distributed Firewall is disabled or not...

[Screenshot: pastedImage_1.png]

Thanks in advance for your time!

4 Replies
kgomulkiewicz
Contributor

I revert changes manually at the NSX level. Seems to work fine for me. You have to find a way to identify the proper rules on the Firewall tabs in NSX because they are presented as identifiers rather than human-readable rules.

Carlos_E
Enthusiast

Hi,

First of all thanks for answering, at least someone gave feedback!!

It's so hard with vCloud Director and NSX to find answers to non-standard questions...

I'm not sure I fully understood your answer, so let me phrase my question again:

1) I enable Distributed Firewall on Customer X (vCloud Director tenant)

2) Run some tests

3) I decide I want to disable Distributed Firewall on Customer X (vCloud Director tenant)

4) I'm confronted with not having a "disable" button (like the enable button which does exist to enable Distributed Firewall)

I delete the default rule that seems to be the only rule generated by enabling Distributed Firewall, now at this point :

5) Is the Distributed Firewall feature disabled for Customer X (vCloud Director tenant)?

From what you are saying I understand that you are pointing me to NSX on the vSphere level, to go check on the Edge Gateway of Customer X to see if there might be some firewall rules left behind even though the Distributed Firewall screen shows me nothing, is that correct?

So based on your answer what I can gather is that to disable Distributed Firewall I need to delete all the firewall rules on the Distributed Firewall screen of the Edge Gateway for the tenant and also check at the NSX level if there might be some rules left, did I understand that correctly?

Thanks again for your feedback!

Regards,

Carlos.

kgomulkiewicz
Contributor

5 - no, it's not, yet. And yes, you have to go to the vSphere NSX plugin and manually remove the rules, not on the Edge Gateway tabs but on the Firewall tab. If you remove the GUIDs from that tab and go back to the vCloud VDC and choose Manage Firewall from the context menu, the "Enable Firewall" switch is presented again.

Carlos_E
Enthusiast

Yes!!!!

You hit exactly what I was looking for!

After removing that GUID from the vSphere NSX Firewall tab I can say that the Distributed Firewall is disabled for that Tenant!

I finally can say that I know how to enable and disable Distributed Firewall on a tenant ;)

Thank you so much, this was just itching in my head and it was just one of the many things pending in our VMware/NSX/vCloud Director implementation that was just not clear to me how to solve.

One could say that it's a cumbersome way to disable it; since the enable button lives on the tenant, why not the disable button? But hey, at least now I know how to do it.

Thanks again, this allows me to move on to other questions (I didn't want to flood the community with many questions at the same time).

Regards,

Carlos!
