You can obtain information about the firewall rules that have been associated with a specific compute entity or traffic flow that is displayed in the Security Intelligence visualization canvas. This feature is introduced in Security Intelligence 4.1.1.
View the firewall rule details for a compute entity
- The compute entity belongs to the Applied To property of the distributed firewall rule, either by being a member of a group listed in Applied To or when Applied To is ANY.
- The compute entity belongs to either the Sources property or the Destinations property of the rule, depending on the value configured in the Direction setting of the rule. If the Direction setting for the rule is In-Out, then the compute entity can be in both the Sources and Destinations. If the rule's Direction setting is IN, then the compute entity has to be included in the Destinations property. If the Direction setting in the rule is OUT, then the compute entity has to be included in the Sources property.
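The matching conditions above can be expressed as a small check, shown here as an added example that is not VMware code and does not use the NSX API. It assumes that both conditions must hold, that In-Out is satisfied by membership in either Sources or Destinations, and that Sources and Destinations list group names; the `Rule` model, the group names, and the rule IDs are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass, field

ANY = "ANY"

@dataclass
class Rule:  # hypothetical model of a distributed firewall rule, not an NSX type
    rule_id: int
    direction: str  # "IN", "OUT" or "IN_OUT" (In-Out on the page)
    applied_to: set = field(default_factory=lambda: {ANY})
    sources: set = field(default_factory=set)        # group names
    destinations: set = field(default_factory=set)   # group names

def in_groups(entity, group_names, groups):
    """True if the entity is a member of any of the named groups."""
    return any(entity in groups.get(g, set()) for g in group_names)

def is_related(entity, rule, groups):
    """Apply both conditions (assumed to be ANDed) to one rule."""
    # Condition 1: Applied To is ANY, or lists a group that contains the entity.
    if ANY not in rule.applied_to and not in_groups(entity, rule.applied_to, groups):
        return False
    # Condition 2: Direction decides which property must contain the entity.
    in_src = in_groups(entity, rule.sources, groups)
    in_dst = in_groups(entity, rule.destinations, groups)
    if rule.direction == "IN":
        return in_dst
    if rule.direction == "OUT":
        return in_src
    if rule.direction == "IN_OUT":
        return in_src or in_dst
    raise ValueError(f"unknown direction: {rule.direction!r}")

def related_rules(entity, rules, groups):
    """Rule IDs that would be listed as related to the entity."""
    return [r.rule_id for r in rules if is_related(entity, r, groups)]

# Constructed sample data: group membership and five rules.
GROUPS = {"web": {"ubuntuvm6", "ubuntuvm7"}, "db": {"dbvm1"}}
RULES = [
    Rule(1001, "IN", {ANY}, sources={"db"}, destinations={"web"}),
    Rule(1002, "IN", {ANY}, sources={"web"}, destinations={"db"}),
    Rule(1003, "OUT", {"web"}, sources={"web"}, destinations={"db"}),
    Rule(1004, "IN_OUT", {"db"}, sources={"web"}, destinations={"db"}),
    Rule(1005, "IN_OUT", {ANY}, sources={"db"}, destinations={"web"}),
]
```

For `ubuntuvm6`, rule 1002 is excluded because an IN rule only matches on Destinations, and rule 1004 is excluded because its Applied To scope does not contain the VM even though the VM is in Sources.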
To view the related firewall rule details for a compute entity, use one of the following methods while in the Security Intelligence visualization canvas.
Method 1: From the Groups view, you can deep dive into a group and view the related firewall details for a specific compute entity in that group.
From your browser, log in with administrator privileges to an NSX Manager at https://<nsx-manager-ip-address>.
Select
While in the Groups view, double-click a group's node to deep dive into it and see the compute entities that belong to that group.
From one of the group members' nodes, right-click the node of the compute entity whose related firewall rule details you want to view and select Related Firewall Rules from the contextual menu. The following image illustrates this action.
The Related Firewall Rules dialog box is displayed. For details about the information displayed in the Related Firewall Rules table, see About the Related Firewall Rules table.
Method 2: From the Computes view, you can view the details of the firewall rules that are related to your selected compute entity.
From your browser, log in with administrator privileges to an NSX Manager at https://<nsx-manager-ip-address>.
Select
In the Security section, right-click Groups and select Computes from the Objects drop-down menu.
(Optional) Apply filters to refine the criteria used when displaying the compute entities in the visualization canvas.
Click Apply.
Right-click the compute entity whose related firewall rule details you want to view.
Select Related Firewall Rules from the contextual menu.
The Related Firewall Rules dialog box is displayed. For details about the information displayed in the Related Firewall Rules table, see About the Related Firewall Rules table.
View the firewall rule details for a traffic flow
From a traffic flow line, you can view details about the firewall rules that were in effect at the time of the selected flow.
From your browser, log in with administrator privileges to an NSX Manager at https://<nsx-manager-ip-address>.
Select
Whether you are in the Groups view or Computes view, right-click the traffic flow whose related firewall details you want to view and select Flow Details from the contextual menu.
The Flow Details dialog box for groups or compute entities is displayed and the Completed Flows tab displays the compute entities that participated in the traffic flow whose details you are viewing. You can use the Filter mechanism to narrow the list of flows displayed.
In the Completed Flows table, expand one of the rows for the compute entity associated with the flow and locate the Firewall Rules in Effect section, as illustrated in the following image.
Note: The details displayed in the Firewall Rules in Effect section are the latest information available for the firewall rule that has the same rule ID associated with the flow details you are viewing. The information might not reflect the same rule details that were in effect when the traffic flow occurred.
About the Related Firewall Rules table
ubuntuvm6
VM.
The firewall rules are grouped by policy. You can use the Filter mechanism to narrow the list of policies displayed. You can filter by name or ID.
The rule details are displayed when you expand the row for a policy. In the above image, the row for the SecurityPolicy-1 policy is expanded and displays only one of two rules that belong to the policy.
The table displays read-only information about all of the distributed firewall rules related to the ubuntuvm6 VM. To manage the details about all the firewall rules in the policy and to view the other rules that are not listed in this table, click the icon on the far right side. The details about the selected policy are displayed on the UI page. You can make changes to the rules and the policy, as needed, on that UI page.