For a consolidated view of your policy sections and rules, you can export your firewall configuration to a file. NSX-T Data Center creates a report of your firewall configuration as a CSV file. You can also import a firewall configuration and view it as a draft in NSX-T Data Center.

  • You can choose to export your published configuration, an auto-saved draft, or a manually saved draft.
  • When exporting a firewall configuration on a Local Manager appliance, only the Local Manager configuration is exported. Configuration that has been synced from a Global Manager is not exported as part of the Local Manager configuration.
  • The import operation is not available on a Global Manager appliance.
  • The exported CSV file and the metadata file together are available for download as a ZIP file.
  • You can only run one export operation and one import operation simultaneously. Running multiple export or multiple import operations simultaneously is not supported.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Security > Distributed Firewall.
  3. Export the firewall configuration.
    • To export the current cofiguration, select Actions > Export FW Configuration.
    • To export an auto-saved draft or a manual draft, select Actions > View and click the name of the draft configuration to open Draft details. Click Export Draft.

      The View Draft Details window displays any differences that exist between the saved configuration and the last published configuration.

  4. Enter a passphrase and click Export.
    A notification is displayed when the configuration has been exported.

    You cannot publish a configuration when the export operation is in progress. If necessary, you can cancel the export operation.

  5. Click Download to save the ZIP file containing the CSV and metadata files.
  6. To import a firewall configuration, navigate to Security > Distributed Firewall, and select Actions > Import.
  7. Browse to select the ZIP file containing the configuration that you want to import. Enter a name and the passphrase that was used when saving the configuration, and click Import.

    Ensure that you select a ZIP file that has not been modified after it was downloaded.

    A notification is displayed if the file to be imported is corrupt or the incorrect passphrase has been used.

    Note: You can only import configuration that has been defined in NSX-T Data Center. Importing third-party firewall configuration is not supported.
    The imported configuration is saved as a manual draft in NSX-T Data Center. You can edit the draft and then publish it as required. For more information on working with drafts, see Firewall Drafts.