Tag: Security

Posted on

NSX Intelligence: Checking Applied Rules on a VM

A short conversation on how to check the applied Distributed Firewall Rules on a VM by using NSX Intelligence!!

CuriousTechie: Hello IT Guy, during our last conversation here we discussed about three ways to check applied DFW rules but you did mention there is another way to check the rules, can we talk about that?

ITGuy: Sure ! You can leverage Security Intelligence aka NSX intelligence to validate the rules applied on a VM.

CuriousTechie: I have been using Security Intelligence to get flow information and recommendations but never seen how to check applied rules using it, can you show me?

ITGuy: Sure !

  1. Go to Plan & Troubleshoot
  2. Go to Discover & Take Action
  3. On the Top bar Select Computer -> Search and select the VM that you want to check the applied rules.
  4. Right click the VM -> Go to Related Firewall Rules
  5. You will see all the rules applied on that particular VM
Continue reading “NSX Intelligence: Checking Applied Rules on a VM”
Posted on

3 Ways to Verify Applied Distributed Firewall Rules on a VNIC

A short conversation on how to check the applied Distributed Firewall Rules on a vnic!!

CuriousTechie: Hello IT Guy, I am working on a project to implement DFW rules in an environment and often need to check exactly what firewall rules are applied on a vnic, is there a way to do that?

ITGuy: Sure ! We can talk about three different ways to do that and we can talk about pro’s and con’s of each.

CuriousTechie: Okay cool!

ITGuy:

  • From NSX UI
  • From ESXi Host shell
  • From ARIA Operations for Networks aka vRNI
Continue reading “3 Ways to Verify Applied Distributed Firewall Rules on a VNIC”
Posted on

Quick NSX D-IDPS validation

A conversation about basic validation of NSX Distributed Intrusion Detection and Prevention System

CuriousTechie: Hey IT Guy, I am doing a Green filed deployment and have enabled NSX distributed IDPS in the environment. It may take few days to setup a testing environment with Security testing tools to simulate attacks and validate if the NSX D-IDPS is actually working or not. Is there a way to quicky validate the basic intrusion detection and prevention functionality of the solution?

Continue reading “Quick NSX D-IDPS validation”