Scripting: NSX-v – Bulk DFW Rule Creation


Recently, when doing some performance testing with a customer, we wanted the ability to bulk create a number of DFW rules. By leveraging some Python scripting and the NSX-v API, I came up with a flexible and reusable script which can be used to create a new section and populate it with up to 997 DFW rules. The reason for creating a new section is that when it comes time to delete the test rules, it's as simple as deleting the section, which deletes all rules within it.

But why 997 rules? The reason is that in a default install of NSX-v, there are 3 rules pre-configured by default. So 3 + 997 = 1000. And 1000 is the magical number that we often want to test up to.

The latest version of the script is hosted on GitHub here (https://github.com/dcoghlan/NSX-Create-Testing-Rules).

As you can see, we have a nice fresh install of NSX-v 6.2.

[Image: bulk-fw-testing-rules-01]

The following example will:

  • connect to NSX Manager with the IP address 10.29.5.211
  • prompt me to enter the admin user credentials
  • retrieve the etag via the NSX API
  • add 171 test rules under a section called ‘Performance-Testing: 171 Rules’

You can hard code both the NSX Manager IP/FQDN and Password if you want, simply by uncommenting the following lines and updating the details appropriately:

After which you can run the script as follows:

And now you can see all the lovely rules which were created.

[Image: bulk-fw-testing-rules-02]

Here is how the script currently looks for those who are curious.
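The author's script lives in the GitHub repository linked above; the following is a separate added example, not taken from that script, that builds the section body with the 997-rule cap enforced and prompts for the password instead of hard-coding it. The endpoint path, XML element names, rule names and the 198.18.0.0/15 source addresses are assumptions of this example.

```python
import base64
import getpass
import ipaddress
import urllib.request
import xml.etree.ElementTree as ET

MAX_TEST_RULES = 997  # the page's figure: 3 default rules + 997 = 1000
# Assumed section-creation endpoint; confirm against the API guide for your NSX-v version.
SECTION_PATH = "/api/4.0/firewall/globalroot-0/config/layer3sections"
BENCH_NET = ipaddress.ip_address("198.18.0.0")  # RFC 2544 benchmarking range


def build_section(count, prefix="Performance-Testing"):
    """Return the XML body for one new section holding `count` test rules."""
    if not 1 <= count <= MAX_TEST_RULES:
        raise ValueError(f"rule count must be 1..{MAX_TEST_RULES}, got {count}")
    section = ET.Element("section", name=f"{prefix}: {count} Rules")
    for i in range(1, count + 1):
        rule = ET.SubElement(section, "rule", disabled="false", logged="false")
        ET.SubElement(rule, "name").text = f"test-rule-{i:04d}"  # constructed name
        ET.SubElement(rule, "action").text = "allow"
        # Scope each rule to one benchmark-range address so it does not match production traffic.
        src = ET.SubElement(ET.SubElement(rule, "sources", excluded="false"), "source")
        ET.SubElement(src, "value").text = str(BENCH_NET + i)
        ET.SubElement(src, "type").text = "Ipv4Address"
    return ET.tostring(section, encoding="utf-8")


def build_request(manager, user, password, body):
    """Prepare, without sending, the authenticated POST that creates the section."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{manager}{SECTION_PATH}", data=body, method="POST",
        headers={"Content-Type": "application/xml", "Authorization": f"Basic {token}"},
    )


if __name__ == "__main__":
    manager = input("NSX Manager IP/FQDN: ")
    password = getpass.getpass("admin password: ")  # prompted, not stored in the file
    req = build_request(manager, "admin", password, build_section(171))
    # urlopen validates the Manager's TLS certificate by default; leave that on.
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(resp.status)
```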

 



2 thoughts on “Scripting: NSX-v – Bulk DFW Rule Creation”

  • TIM

    Hi

    Very interesting use case, can you give me the steps on how to put the script, as I am a newbie on this 🙂, so excuse my ignorance. For example, what is the platform to use? Am I going to access the NSX Manager and put a line for the Python?

    Thanks a lot.

    TIM.