0 Replies Latest reply on Jun 26, 2018 4:42 AM by Czernobog

    NSX-T 2.x - API Call to list all Sections and Rules

    Czernobog Enthusiast

      Hello,

      I am looking for an afficient way to request a list of firewall sections AND rules, similar to what can be done in NSX-V with GET /api/4.0/firewall/globalroot-0/config

      So far, by testig out different calls provided here: NSX-T Manager API Guide I assume I would have to iterate through all of the sections and list member rules for each. This seems terribly inefficient if you need to request the whole firewall configuration.

      Some background: In my environemnt, users who deploy VMs using vRA are able to list and create new firewall rules & sections in NSX-V. These services are based on vRO workflows. At the moment I poll the whole NSX-V DFW configuration in regular intervals and place it in a vRO Resource Element. When a user wants to list or modify a rule, the value of the Resource Element is queried (amongst other things), which is much faster (which is important for the user interaction) then running an API call for each section and rule which affects the users' vms.

       

      Edit 26.06.2018:

      I have built a workaround for myself in the meantime, you can check it out yourself. It works with vRO 7.4 and NTX-T 2.2, but of course I cannot guarantee it will work in your environment.

      Just fill in the attribute values and the rest operations in the nested workflows, the rest operations are named like the one in the swagger stack.