
Distributed Firewall



Feature Description

The ReSTNSX Distributed Firewall (dFW) dashboard is for day-to-day management of rule sets, with additional tools for operational effectiveness. The interface is lightweight and feature-rich so that administrators, operators and auditors can perform their duties. As with other aspects of ReSTNSX, each function within the dFW dashboard (view, add, edit, delete and launching of tools) is access-controlled through the system RBAC settings.

Minimum Release: 1.0 
Application: NSX-v, NSX T 
License: Enterprise 
Privilege level: Audit or higher

Setup

No setup required.


Overview

To view the dFW dashboard, navigate to Operations > Distributed Firewall. The entire rule set for the active data source will be displayed.

To expand a section for viewing, click the white rule count bar in the center of the section. To expand or collapse all sections, select the appropriate option from the global menu.


Operational tasks for dFW are similar to those offered natively within the NSX Manager plugin, but with additional ease of use, features and consistency.

⚠️ Rollback is not available for rule publishing.



Consistent User Experience

ReSTNSX provides an identical user experience regardless of the data source's NSX version or type. The dFW experience for a user on NSX-v 6.4(2) is exactly the same as on 6.4(4). Furthermore, the experience is maintained across NSX types (NSX-v and NSX T). If a user knows how to manage dFW using ReSTNSX, the learning curve is eliminated between minor versions, major versions and NSX types. Below is a comparison of an NSX 6.4(4) and an NSX T 2.4 data source where the user experience remains intact.


Unified Editor

The dFW Unified Editor is an alternate method for viewing and editing a rule's source, destination and service criteria. Typically, each of these is managed in a separate window. Prior to the Unified Editor, creating a single rule required opening and navigating at least three separate windows.

ℹ️ Unified Editor for NSX-v and NSX T was introduced in release 3.2.


For each rule, an edit icon has been introduced that allows users to enter all three criteria at one time.

Other Differentiating Features

  • Effective Members to display the realized VMs and IPs for a rule

  • Cluster and Host status / synchronization to determine if the rules and objects are up to date

  • dFW Mover for copying rules between one or many NSX destinations

  • Rule analyzer to review the anatomy and usage of a section

  • vRNI Cross-launch to see flows matching a given dFW rule

  • CSV-based import and export of rules

  • Section locking – even for NSX versions that did not natively support locking
