VMware Aria Operations for Networks supports the visibility of the NSX distributed firewall rules for which there have been no flows for some time. These rules are known as inactive rules. Such rules use memory heap and can cause security issues. To monitor these inactive rules, VMware Aria Operations for Networks provides the following two widgets in the Security dashboard:
Note: To view the Security dashboard, enter Security in the search bar.
- Unused NSX Firewall Rule: This widget lists all the NSX firewall rules where no flow is reported on the given time. You can also use the following search query to retrieve these rules:
nsx firewall rule where flow is not set
Note: Ensure that you have enabled NSX Distributed Firewall IPFIX for the specified time.