Finding NSX Security Groups Backed by Active Directory Groups

Just a quick post on PowerNSX. I was working with a customer who had a large number of security groups configured within their NSX environment. For troubleshooting purposes they needed to remove security groups that were backed by Active Directory groups, but there wasn’t an easy way to tell from the UI which groups these were (and they didn’t remember the names at this point). Fortunately, a one-line command in PowerNSX did the heavy lifting for us. # This


Change Segment IDs in NSX to Avoid Overlapping

Use case: Often with a standalone NSX deployment a segment ID range of 5000-5999 is used. This same range may be used across multiple sites, but once you want to start leveraging cross-vCenter NSX functionality you will want to have different segment IDs (as an example, 5000-5999 at site 1, 6000-6999 at site 2 and 10000-109999 for Universal). In this post we will walk through the process of changing the segment IDs at the secondary site. We will be using


Building a NSX Distributed Firewall Hit Count Chart in Log Insight

One request I have had a few times now is how to build out an NSX Distributed Firewall chart that includes rule hit count within Log Insight. Read on to learn how. The first step is to ensure that your Distributed Firewall rules are set to log (by default it is set to no). If you need to bulk enable rules to log, see this previous post for how to do it easily with PowerNSX. Go to the Interactive Analytics


Bulk Enable Logging on all NSX Distributed Firewall Rules

A customer of mine who has NSX deployed in production recently added vRealize Log Insight into their environment. Since they have been using NSX for quite some time already, they had a large number of rules created for the distributed firewall. None of the rules were currently set to log to a remote syslog server, and without a setting in the UI to modify all the rules at once to enable logging, they were looking for the easiest way to do this.


NSX – Creating Universal IP Sets from Existing Standalone IP Sets

Scenario: Customer has an existing stand-alone NSX deployment and is leveraging IP Sets. Recently they moved to a cross-vCenter NSX deployment and now want to use the previous non-Universal IP sets as Universal IP sets without manually creating each one. Enter PowerNSX. Here is a screenshot before the script ran; I have a few IP sets with various types of members (single IPs, ranges). And here you see after the script has run, it takes

