PowerNSX: missing NSX Firewall rule functionality

PowerNSX (for vSphere) is a great tool for SDN automation. I use it on a daily basis and it helps me and my customers a lot! But with every good product, there is always room for improvement! One of my customers asked me to add descriptions to existing IpSet objects, add services to existing DFW firewall rules and retrieve the DFW firewall rule stats. Unfortunately these functionalities … Read more

Useful vRNI queries to enable micro segmentation

This blog is related to earlier blogs:
https://datacenterdennis.wordpress.com/2018/10/11/designing-a-nsx-security-framework/
https://datacenterdennis.wordpress.com/2019/01/09/next-gen-network-security-topologies/
https://datacenterdennis.wordpress.com/2018/10/10/nsx-security-vs-workability/

Introduction

This blog may help you implement micro-segmentation by providing helpful vRNI queries. You can use these queries to identify VMs which should be placed into the different segments. You can read here what vRealize Network Insight is and how it works. This blog will help you use vRNI by identifying application-entities or security groups which can … Read more

NSX-v: understanding and overcoming DFW firewall rule maximums

In this blog I dig deep into the DFW firewall rule maximums of VMware NSX for vSphere. The maximums stated on the configmax website are soft limits, not hard limits, so let's discuss what the hard limit on the number of DFW rules is. Let's start by talking about the Distributed Firewall (DFW).

The Distributed Firewall

The DFW is a firewall which operates … Read more

NSX-V: Security Framework implementation script

This PowerShell script is used as an example for deploying an NSX Security Framework as described in this blog. Installing PowerNSX is a prerequisite, and before running this script connect to a greenfield NSX environment with the cmdlet “connect-nsxserver”. This script modifies the default rule to a deny rule, creating a zero trust environment. So don’t use this script in your brownfield environment (you are warned!) Read more