Find Duplicate DFW rules via Powercli

TarunGuptaAccen · ‎03-07-2019

Hi team ,

I am looking for a Powercli Script to find out Duplicate DFW rules. Let say in my environment ,i have 3500 + DFW rules . Now i can use filter to search each rule one by one ..

but what i am looking for is a script which looks into each DFW policy ..checks IP set or Virtual Machines and let me know Duplicate rules.

Thanks a lot .

Raducanu · ‎03-10-2019

Oh, this is hard stuff and a bit more than just a few PS lines.

We are using Tufin for this (not only for NSX, for any kind of our FW). It shows you duplicated, shadowed or partial shadowed FW rules.

May you give it a try

TarunGuptaAccen · ‎03-11-2019

Thanks Raducanu,

I will try to download "tufin tool " ,is this tool free ?

My worry is we are using NSX 6.3.2 and there is no accountability . I have already asked in another discussion that how to find out who published or modified DFW rule . We are running operations and there are more than 1500 DFW rules in each datacenter ... is this tool free ?

We had a discussion with VMware architects and we are moving towards VRNI to have a more sight on DFW rules and their Monitoring

All

Find Duplicate DFW rules via Powercli