VMware NSX-T is designed to address the emerging application frameworks and architectures that have heterogeneous endpoints and technology stacks. In addition to vSphere, these environments may also include other hypervisors, containers, bare metal, and public clouds. vRealize Network Insight supports NSX-T deployments where the VMs are managed by vCenter.


  • NSX-T 2.0, 2.2, and 2.3 versions are supported.

  • vRealize Network Insight supports only the NSX-T setups in which vCenter manages the ESXi hosts. Ensure that vCenter is added as Compute Manager in NSX-T.


    Compute Managers should be added as data sources in vRealize Network Insight before adding NSX-T as a data source.

  • vRealize Network Insight supports NSGroups, NSX-T Firewall Rules, IPSets, NSX-T Logical Ports, NSX-T Logical Switches, and NSX-T distributed firewall IPFIX flows.

  • vRealize Network Insight supports both NSX-V and NSX-T deployments. When you use NSX in your queries, the results include both NSX-V and NSX-T entities. NSX Manager lists both NSX-V and NSX-T Managers. NSX Security Groups list both NSX-T and NSX-V security groups. If NSX-V or NSX-T is used instead of NSX, then only those entities are displayed. The same logic applies to the entities such as firewall rules, IPSets, and logical switches.

To Add an NSX-T Manager as a Data Source

Here are the prerequisites for adding an NSX-T Manager as a data source:

  • Before adding NSX - T, add at least one vCenter which is associated with NSX - T to vRealize Network Insight.

  • It is recommended that you add all the vCenters associated with NSX-T as data sources in vRealize Network Insight.

  • Ensure that there are no logical switches in the exclusion list in the Distributed Firewall (DFW). If there are any logical switches in this list, then the flows are not reported for any VMs attached to these logical switches.

To add an NSX-T Manager:

  1. On the Accounts and Data Source page under Settings, click Add Source.

  2. Under VMware Manager in the Select an Account or Data Type page, select VMware NSX-T Manager.

  3. Provide the user credentials. The user should be a local user with the audit level permissions.

  4. Select Enable IPFIX to update the IPFIX settings on NSX-T. By selecting this option, vRealize Network Insight receives DFW IPFIX flows from NSX-T. For more information on enabling IPFIX, see Enabling VMware NSX-T DFW IPFIX.


    DFW IPFIX is not supported in the Standard Edition of NSX-T.

Examples for Queries

Here are some examples for queries related to NSX-T:

Table 1.


Search Results

NSX-T Manager where VC Manager=

NSX-T Manager where this particular VC Manager has been added as the compute manager

NSX-T Logical Switch

Lists all the NSX-T Logical switches present in the particular instance of vRealize Network Insight including the details on whether it is a system-created or a user-created switch.

NSX-T Logical Ports where NSX-T Logical Switch = 'DB-Switch'

Lists the NSX-T logical ports belonging to that particular NSX-T logical switch, DB-Switch.

VMs where NSX-T Security Group = 'Application-Group'


VMs where NSGroup = ‘Application-Group’

Lists all the VMs in that particular security group, Application-Group.

NSX-T Firewall Rule where Action='ALLOW'

Lists all the NSX-T Firewall Rules which have their action set as ALLOW.

NSX-T Firewall Rule where Destination Security Group = ‘CRM-Group’

Lists the firewall rules where the CRM-Group is the Destination Security Group. The results include both Direct Destination Security Groups and Indirect Destination Security Groups.

NSX-T Firewall Rule where Direct Destination Security Group = ‘CRM-Group’

Lists the firewall rules where the CRM-Group is the Destination Security Group. The results include only the Direct Destination Security Groups.

VMs where NSX-T Logical Port = ‘App_Port-Id-1’

Lists all the VMs which have that particular NSX-T Logical Port.

NSX-T Transport Zone

Lists the VLAN and the overlay transport zone and the respective details associated with it including the type of the transport node.


vRealize Network Insight does not support KVM as a data source.

NSX-T Router

Lists the TIER 1 and TIER 0 routers. Click the router shown in the results to view more details associated with it including the NSX-T Edge Cluster and the HA mode.