NSX – Save/Export/Import/Load Distributed Firewall configurations

Export Distributed Firewall Configuration

1. Log in to the vSphere Web Client.

2. Click Networking & Security and then click Firewall.

3. Click the Export configuration (export) icon.

4. To save the firewall configuration as an XML file, click Download.

5. Select the directory where you want to save the file and click Save.

Your firewall configuration (both L2 and L3) is saved in the specified directory.

Import Distributed Firewall Configuration

1. Log in to the vSphere Web Client.

2. Click Networking & Security and then click Firewall.

3. Click the Firewall tab.

4. Click the Saved Configurations tab.

5. Click the Import configuration (import) icon.

6. Click Browse and select the file containing the configuration that you want to import.

Rules are imported based on the rule names. During the import, the Firewall ensures that each object referenced in the rule exists in your environment. If an object is not found, the rule is marked as invalid. If a rule referenced a dynamic security group, the dynamic security group is created in NSX Manager during the import.

Load Distributed Firewall Configuration

You can load an autosaved or imported firewall configuration. If your current configuration contains rules managed by Service Composer, these are over-ridden after the import.

1. Log in to the vSphere Web Client.

2. Click Networking & Security and then click Firewall.

3. Ensure that you are in the General tab to load an L3 firewall configuration. Click the Ethernet tab to load an L2 firewall configuration.

4. Click the Load configuration (load) icon.

5. Select the configuration to load and click OK.

The current configuration is replaced by the selected configuration.

If Service Composer rules in your configuration were over-ridden by the loaded configuration, click Actions > Synchronize Firewall Rules in the Security Policies tab within Service Composer.

Leave a Reply

Your email address will not be published. Required fields are marked *