Rule Realization Status on UI

You can see the rule realization status for DFW and Gateway firewall policies by navigating to Security > Distributed Firewall or Security Gateway Firewall, and checking the rule realization status reported by transport nodes.

Rule Realization Status Through APIs

If the rule was created and enforced at relevant nodes, the realization status can be checked by following Policy Manager APIs.

To check realization status for all the entities created in policy manager run the command: GET: https://<Policy Appliance IP>/policy/api/v1/infra/realized-state/realized-entitiesThe realized state of the object should be "REALIZED" and 'runtime_status' should be "SUCCESS"

For example, the query to check the realized state of <e2d4c010-96c8-11e9-8c0a-f7581ab92530> of security policy at the Policy manager level is <f96f27c0-92b8-11e9-96af-b5e746a259e7> is GET https://10.172.121.219/policy/api/v1/infra/realized-state/realized-entities?intent_path=/infra/domains/default/security-policies/f96f27c0-92b8-11e9-96af-b5e746a259e7/rules/e2d4c010-96c8-11e9-8c0a-f7581ab92530

{
"results": [
{
"extended_attributes": [],
"entity_type": "RealizedFirewallRule",
"intent_paths": [
"/infra/domains/default/security-policies/1-communication-560"
],
"resource_type": "GenericPolicyRealizedResource",
"id": "default.1-communication-560.3-communication-110",
"display_name": "default.1-communication-560.3-communication-110",
"description": "default.1-communication-560.3-communication-110",
"path": "/infra/realized-state/enforcement-points/default/firewalls/firewall-sections/default.1-communication-560/firewall-rules/default.1-communication-560.3-communication-110",
"relative_path": "default.1-communication-560.3-communication-110",
"parent_path": "/infra/realized-state/enforcement-points/default/firewalls/firewall-sections/default.1-communication-560",
"intent_reference": [],
"realization_specific_identifier": "1028",
"state": "REALIZED",  
"alarms": [],
"runtime_status": "IN_PROGRESS",
"_create_user": "system",
"_create_time": 1561673625030,
"_last_modified_user": "system",
"_last_modified_time": 1561674044534,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 6
}
],
"result_count": 1
}

To check the overall realized status of section of every rule in a section on the hypervisor run the command:GET https://<policy-mgr>/policy/api/v1/infra/realized-state/status?include_enforced_status=true&intent_path=<Security_policy_path>.