After you have resolved all configuration issues, you can migrate the Distributed Firewall configuration. When the configuration is migrated, logical object configurations are realized in NSX-T environment, which replicate the NSX-T logical object configurations.
Verify that you have completed the Resolve Configuration step.
- From the Migrate Configuration page, click Start.
- Verify that the Distributed Firewall configuration objects are displayed in your NSX-T environment.
You can verify the migrated configurations either in the NSX-T NSX Manager interface or by running the NSX-T APIs.Note:
- During the Migrate Configuration step, Security Tags from NSX-V are not migrated to NSX-T. Therefore, the Security Tag-based migrated dynamic Groups and Groups with static memberships in NSX-T are empty after this step is finished. The reason is that in NSX-V, a Security Tag is an object, whereas in NSX-T, a tag is an attribute of a VM. The tags are applied to the workload VMs only after the workloads are migrated to NSX-T during the Migrate Hosts step.
- When the logical configurations are migrated to NSX-T, the configuration changes are made in the NSX-T NSX Manager database, but it might take some time for the configurations to take effect.
- Click Continue to proceed.
If needed, you can roll back the migrated DFW configuration.
Rolling back does the following:
- Remove the migrated configuration from NSX-T.
- Roll back all the resolved issues in the previous step.
Any NSX-T objects that you manually created after the DFW migration are at risk of being lost during the rollback.