You can obtain information about the firewall rules that have been associated with a specific compute entity or traffic flow that is displayed in the Security Intelligence visualization canvas. This feature is introduced in Security Intelligence 4.1.1.

View the firewall rule details for a compute entity

A distributed firewall (DFW) rule is considered related to a compute entity (VM or physical server) if the following conditions are true.
  • The compute entity belongs to the Applied To property of the distributed firewall rule, either by being a member of a group listed in Applied To or when Applied To is ANY.
  • The compute entity belongs to either the Sources property or the Destinations property of the rule, depending on the value configured in the Direction setting of the rule. If the Direction setting for the rule is In-Out, then the compute entity can be in both the Sources and Destinations. If the rule's Direction setting is IN, then the compute entity has to be included in the Destinations property. If the Direction setting in the rule is OUT, then the compute entity has to be included in the Sources property.

To view the related firewall rule details for a compute entity, use one of the following methods while in the Security Intelligence visualization canvas.

Method 1: From the Groups view, you can deep dive into a group and view the related firewall details for a specific compute entity in that group.

  1. From your browser, log in with administrator privileges to an NSX ManagerNSX Manager at https://<nsx-manager-ip-address>.

  2. Select Plan & Troubleshoot > Discover & Take Action

  3. While in the Groups view, double-click a group's node to deep dive into it and see the compute entities that belong to that group.

  4. From one of the group members' nodes, right-click the node of the compute entity whose related firewall rule details you want to view and select Related Firewall Rules from the contextual menu. The following image illustrates this action.


    Contextual menu for selected VM, while in a deep dive view of a group. Related Firewall Rules is highlighted in the menu

    The Related Firewall Rules dialog box is displayed. For details about the information displayed in the Related Firewall Rules table, see About the Related Firewall Rules table.

Method 2: From the Computes view, you can view the details of the firewall rules that are related to your selected compute entity.

  1. From your browser, log in with administrator privileges to an NSX ManagerNSX Manager at https://<nsx-manager-ip-address>.

  2. Select Plan & Troubleshoot > Discover & Take Action

  3. In the Security section, right-click Groups and select Computes from the Objects drop-down menu.

  4. (Optional)

    Apply filters to refine the criteria used when displaying the compute entities in the visualization canvas.

  5. Click Apply.

  6. Right-click the compute entity whose related firewall rule details you want to view.

  7. Select Related Firewall Rules from the contextual menu.

    The Related Firewall Rules dialog box is displayed. For details about the information displayed in the Related Firewall Rules table, see About the Related Firewall Rules table.

View the firewall rule details for a traffic flow

From a traffic flow line, you can view details about the firewall rules that were in effect at the time of the selected flow.

  1. From your browser, log in with administrator privileges to an NSX ManagerNSX Manager at https://<nsx-manager-ip-address>.

  2. Select Plan & Troubleshoot > Discover & Take Action

  3. Whether you are in the Groups view or Computes view, right-click the traffic flow whose related firewall details you want to view and select Flow Details from the contextual menu.

    The Flow Details dialog box for groups or compute entities is displayed and the Completed Flows tab displays the compute entities that participated in the traffic flow whose details you are viewing. You can use the Filter mechanism to narrow the list of flows displayed.

  4. In the Completed Flows table, expand one of the rows for the compute entity associated with the flow and locate the Firewall Rules in Effect section, as illustrated in the following image.


    Flow Details between Groups dialog box with flow details expanded and the Firewall Rules in Effect circled.

    Hinweis:

    The details displayed in the Firewall Rules in Effect section are the latest information available for the firewall rule that has the same rule ID associated with the flow details you are viewing. The information might not reflect the same rule details that were in effect when the traffic flow occurred.

About the Related Firewall Rules table

The following image is an example of the Related Firewall Rules table that gets displayed after selecting Related Firewall Rules from the contextual menu of a VM's node. In this example, the displayed information is for the ubuntuvm6 VM.
Related firewall Rules dialog box for the ubuntuvm6 VM. The SecurityPolicy-1 row is expanded to display 1 of 2 rules that belong to the policy.

The firewall rules are grouped by policy. You can use the Filter mechanism to narrow the list of policies displayed. You can filter by name or ID.

The rule details are displayed when you expand the row for a policy. In the above image, the row for the SecurityPolicy-1 policy is expanded and displays only one of two rules that belong to the policy.

The table displays read-only information about all of the distributed firewall rules related to the ubuntuvm6 VM. To manage the details about all the firewall rules in the policy and to view the other rules that are not listed in this table, click the icon to manage the DFW rule icon on the far right side. The details about the selected policy are displayed on the Security > Distributed Firewall UI page. You can make changes to the rules and the policy, as needed, on that UI page.