You can search for NSX Firewall rules in VMware Aria Operations for Networks.

Table 1. NSX Firewall Rules Queries

| Search Query | Description |
| --- | --- |
| VM where incoming rules.Source Any | View rules with any source (can combine with a specific port). |
| Firewall rule where action = allow and service any = true | View firewall rules that allow any ports. |
| Firewall Rule Masked Alert | View the list of unused firewall rules. |
| New firewall rules in last 24 hours | View the firewall rules created in the last 24 hours. |
| New firewall rules in last 7 days | View the firewall rules created in the last 7 days. |
| New firewall rules in last 30 days | View the firewall rules created in the last 30 days. |
| Firewall rule where flow is not set | View the list of all inactive firewall rules. |
| Flow group by firewall rule | View the count of flows hitting each firewall rule. |
| Security group where Indirect Incoming Rules is not set and Indirect Outgoing Rules is not set and Direct Incoming Rules is not set and Direct Outgoing Rules is not set | View the security group that is not used. |
| Ipset where Indirect Incoming Rules is not set and Indirect Outgoing Rules is not set and Direct Incoming Rules is not set and Direct Outgoing Rules is not set | View the IPSet that is not used. |
| Flow where rule id in (1011, 1012, 1013) | Flows hitting a specific rule ID. |
| Flow where application = app1 | Flows hitting the application. |
  • Unused firewall rules

  • Firewall rule Masking rule alert