On various engagements I am involved with, I often need to produce some code to add or delete objects from NSX-v. These objects in general are things like IP Sets, MAC Sets, Security Groups, Security Tags, Services, Service Groups, Security Policies and even deleting the FW rulebase itself. Until recently […]
NSX-v allows the creation of Security Groups to group objects to be used in DFW rules and security policies. Each security group can have a mix of static and dynamic membership (If you want to get picky, you can also statically exclude objects). One of the possible ways to dynamically […]
When faced with migrating from a Checkpoint installation to a VMware NSX-v installation, at some point someone is going to need to get all the objects across to the new firewall platform. I was recently asked to help add some functionality to a script to take some data from an odumper csv output and pump it into NSX-v.
When using the NSX-v distributed firewall (DFW) have you ever need to find out if a service has already been configured in the system for a particular port number? Recently I was given a sample ruleset from a client to re-create in the DFW, and one thing that stood out was that […]
Over my years as a network engineer there has always been some element of scripting required. Whether it was formally required by a project, a particular situation or whether it was because i was sick of doing the same thing over and over again and wanted to make my life […]
