Issue
I need to know whether NSX-T firewall rules are deployed on a host and applied to its virtual machines.
Solution
The commands to use to verify that the firewall rules are deployed on a host and applied to virtual machines are:
# summarize-dvfilter
# vsipioctl
Let's see how to use them below. I would like to say that those tests were carried out on the HOL (Hands-on Labs) made available by VMware, but nothing changes in real life.
In our test, we would like to validate the DFW rule for the VM web-01a.
Having located the ESXi host running the VM we want to validate, we SSH into that host.
So, once logged in, we type ...
# summarize-dvfilter | grep -A 3 vmm0:web-01a
... and we look for the name under vNic slot.
Then, to show the applied rules, we use the command vsipioctl getrules as below:
# vsipioctl getrules -f nic-269171-eth0-vmware-sfw.2
Alternatively, we can use the combined commands as follows ...
# vsipioctl getrules -f `summarize-dvfilter | grep -A 3 vmm0:web-01a | grep name | awk '{print $2}'`
As we can see from the previous picture, rule IDs 2031, 2032 and 2033 are not present on the VM. Why??
Simply, because they are not enabled.
Once enabled and published ...
...if we rerun the command ...
# vsipioctl getrules -f `summarize-dvfilter | grep -A 3 vmm0:web-01a | grep name | awk '{print $2}'`
... we can now see them applied to the VM.
That's it.
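The same check, wrapped into two shell functions so that the filter lookup and the rule-ID comparison can be repeated for any VM. This is an added example, not code from the original post: the summarize-dvfilter and vsipioctl getrules excerpts embedded below are constructed to mirror the shape of that output, and the filter names, world IDs and rule IDs in them are illustrative. When no sample text is passed, the functions run the real on-host commands named in the post.

```shell
#!/bin/sh
# Constructed summarize-dvfilter excerpt (two VMs, two vNic slots each).
SAMPLE_DVFILTER='world 269171 vmm0:web-01a
 port 50331657 web-01a.eth0
  vNic slot 2
   name: nic-269171-eth0-vmware-sfw.2
   agentName: vmware-sfw
  vNic slot 1
   name: nic-269171-eth0-dvfilter-generic-vmware-swsec.1
   agentName: dvfilter-generic-vmware-swsec
world 269200 vmm0:app-01a
 port 50331658 app-01a.eth0
  vNic slot 2
   name: nic-269200-eth0-vmware-sfw.2
   agentName: vmware-sfw'

# Constructed vsipioctl getrules excerpt: rules 2031-2033 not yet published.
SAMPLE_RULES='ruleset mainrs {
  # generation number: 0
  rule 1031 at 1 inout protocol tcp from any to any port 22 accept;
  rule 1032 at 2 inout protocol any from any to any drop;
  rule 2 at 3 inout protocol any from any to any accept;
}'

# dfw_filter_name VM_NAME [DVFILTER_OUTPUT]
# Prints the vmware-sfw filter attached to the VM's vNIC. Unlike the
# "grep -A 3 | grep name" one-liner, it scans the VM's whole world block
# and picks only the vmware-sfw slot, so slot ordering does not matter.
dfw_filter_name() {
  vm="$1"
  out="${2:-$(summarize-dvfilter)}"
  printf '%s\n' "$out" | awk -v vm="vmm0:$vm" '
    /^world / { inblk = ($3 == vm) }
    inblk && $1 == "name:" && $2 ~ /vmware-sfw/ { print $2; exit }'
}

# dfw_missing_rules FILTER_NAME "ID ID ..." [GETRULES_OUTPUT]
# Prints the expected rule IDs that getrules does not list for the filter;
# empty output means every expected rule is applied to the VM.
dfw_missing_rules() {
  filter="$1"; expected="$2"
  out="${3:-$(vsipioctl getrules -f "$filter")}"
  missing=""
  for id in $expected; do
    printf '%s\n' "$out" | grep -q "^ *rule $id at " || missing="$missing $id"
  done
  printf '%s\n' "${missing# }"
}

name=$(dfw_filter_name web-01a "$SAMPLE_DVFILTER")
echo "filter for web-01a: $name"
echo "missing rules: $(dfw_missing_rules "$name" "2031 2032 2033" "$SAMPLE_RULES")"
```

On a real host, drop the sample arguments (dfw_filter_name web-01a; dfw_missing_rules "$name" "2031 2032 2033") and the functions query summarize-dvfilter and vsipioctl directly.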