ファイアウォールの構成変更は監査対象です。以下に、これらの変更に関連する監査ログ メッセージの例を示します。
ポリシー モードでの分散ファイアウォールの変更
ルール (
Rule1_1) を含むファイアウォール セクション (
SecurityPolicy-1) を追加:
<182>1 2020-08-11T21:58:50.319Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="2aff6b4f-3d4f-4d62-a639-61291f7e879e" splitId="a5mxlu78" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="DfwSecurityPolicy", Operation="PatchSecurityPolicyForDomain", Operation status="success", Old value=[{"precedence":10,"category":"Application","resource_type":"CommunicationMap","id":"SecurityPolicy-1","display_name":"SecurityPolicy-1","path":"/infra/domains/default/security-policies/SecurityPolicy-1","relative_path":"SecurityPolicy-1","parent_path":"/infra/domains/default","unique_id":"895eeac5-641b-4306-be7f-a43fdd969ee5","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597183130247,"_last_modified_user":"admin","_last_modified_time":1597183130247,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["default" "SecurityPolicy-1" {"resource_type":"SecurityPolicy","id":"SecurityPolicy-1","display_name":"SecurityPolicy-1","path":"/infra/domains/default/security-policies/SecurityPolicy-1","children":[{"Rule":{"action":"ALLOW","resource_type":"Rule","id":"Rule1_1","display_name":"Rule1_1","path": <182>1 2020-08-11T21:58:50.320Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="2aff6b4f-3d4f-4d62-a639-61291f7e879e" splitId="a5mxlu78" splitIndex="2 of 2" subcomp="policy" update="true"] "/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_1","marked_for_delete":false,"overridden":false,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","_protection":"UNKNOWN"},"resource_type":"ChildRule","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"category":"Application","stateful":true,"locked":false,"scope":["ANY"],"_protection":"UNKNOWN"}] <182>1 2020-08-11T21:58:50.404Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="Rule1_1" level="INFO" reqId="2aff6b4f-3d4f-4d62-a639-61291f7e879e" splitId="E993J2LF" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="DfwSecurityPolicy", Operation="UpdateSecurityRule", Operation status="success", Old value=[{"sequence_number":10,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"action":"ALLOW","logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","resource_type":"CommunicationEntry","id":"Rule1_1","display_name":"Rule1_1","path":"/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_1","relative_path":"Rule1_1","parent_path":"/infra/domains/default/security-policies/SecurityPolicy-1","unique_id":"2024","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597183130364,"_last_modified_user":"admin","_last_modified_time":1597183130364,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["default" "SecurityPolicy-1" "Rule1_1" {"action":"ALLOW","resource_type":"Rule","id":"Rule1_1","display_name":"Rule1_1","path": <182>1 2020-08-11T21:58:50.404Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="Rule1_1" level="INFO" reqId="2aff6b4f-3d4f-4d62-a639-61291f7e879e" splitId="E993J2LF" splitIndex="2 of 2" subcomp="policy" update="true"] "/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_1","marked_for_delete":false,"overridden":false,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","_protection":"UNKNOWN"}] <182>1 2020-08-11T21:58:50.466Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="2aff6b4f-3d4f-4d62-a639-61291f7e879e" splitId="iMHW1shi" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="Policy", Operation="PatchInfra", Operation status="success", New value=[{"enforce_revision_check":true} {"resource_type":"Infra","children":[{"children":[{"SecurityPolicy":{"resource_type":"SecurityPolicy","id":"SecurityPolicy-1","display_name":"SecurityPolicy-1","path":"/infra/domains/default/security-policies/SecurityPolicy-1","children":[{"Rule":{"action":"ALLOW","resource_type":"Rule","id":"Rule1_1","display_name":"Rule1_1","path":"/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_1","marked_for_delete":false,"overridden":false,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","_protection":"UNKNOWN"},"resource_type":"ChildRule","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete" <182>1 2020-08-11T21:58:50.466Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="2aff6b4f-3d4f-4d62-a639-61291f7e879e" splitId="iMHW1shi" splitIndex="2 of 2" subcomp="policy" update="true"] :false,"overridden":false,"sequence_number":10,"category":"Application","stateful":true,"locked":false,"scope":["ANY"],"_protection":"UNKNOWN"},"resource_type":"ChildSecurityPolicy","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"target_type":"Domain","resource_type":"ChildResourceReference","id":"default","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]
セクション (
SecurityPolicy-1) でルール (
Rule1_1 を
Rule1_1_updated) に更新:
<182>1 2020-08-11T22:22:06.303Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="6aadd8de-d157-4479-b84c-8410dd48c2aa" splitId="mJ7hQGhg" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="DfwSecurityPolicy", Operation="PatchSecurityPolicyForDomain", Operation status="success", New value=["default" "SecurityPolicy-1" {"resource_type":"SecurityPolicy","id":"SecurityPolicy-1","display_name":"SecurityPolicy-1","path":"/infra/domains/default/security-policies/SecurityPolicy-1","unique_id":"895eeac5-641b-4306-be7f-a43fdd969ee5","children":[{"Rule":{"action":"ALLOW","resource_type":"Rule","id":"Rule1_1","display_name":"Rule1_1_updated","path":"/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_1","unique_id":"2024","marked_for_delete":false,"overridden":false,"rule_id":2024,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false,"_protection":"UNKNOWN","_revision":0},"resource_type": <182>1 2020-08-11T22:22:06.303Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="6aadd8de-d157-4479-b84c-8410dd48c2aa" splitId="mJ7hQGhg" splitIndex="2 of 2" subcomp="policy" update="true"] "ChildRule","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"internal_sequence_number":13000010,"category":"Application","stateful":true,"tcp_strict":true,"locked":false,"lock_modified_time":0,"scope":["ANY"],"is_default":false,"_protection":"UNKNOWN","_revision":0}] <182>1 2020-08-11T22:22:06.324Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="Rule1_1" level="INFO" reqId="6aadd8de-d157-4479-b84c-8410dd48c2aa" splitId="JKVilI6n" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="DfwSecurityPolicy", Operation="UpdateSecurityRule", Operation status="success", Old value=[{"sequence_number":10,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"action":"ALLOW","logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","resource_type":"CommunicationEntry","id":"Rule1_1","display_name":"Rule1_1","path":"/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_1","relative_path":"Rule1_1","parent_path":"/infra/domains/default/security-policies/SecurityPolicy-1","unique_id":"2024","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597183130364,"_last_modified_user":"admin","_last_modified_time":1597183130369,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["default" "SecurityPolicy-1" "Rule1_1" {"action":"ALLOW","resource_type":"Rule","id":"Rule1_1","display_name":"Rule1_1_updated","path": <182>1 2020-08-11T22:22:06.324Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="Rule1_1" level="INFO" reqId="6aadd8de-d157-4479-b84c-8410dd48c2aa" splitId="JKVilI6n" splitIndex="2 of 2" subcomp="policy" update="true"] "/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_1","unique_id":"2024","marked_for_delete":false,"overridden":false,"rule_id":2024,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false,"_protection":"UNKNOWN","_revision":0}] <182>1 2020-08-11T22:22:06.363Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="6aadd8de-d157-4479-b84c-8410dd48c2aa" splitId="9MtbEpd8" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="Policy", Operation="PatchInfra", Operation status="success", New value=[{"enforce_revision_check":true} {"resource_type":"Infra","children":[{"children":[{"SecurityPolicy":{"resource_type":"SecurityPolicy","id":"SecurityPolicy-1","display_name":"SecurityPolicy-1","path":"/infra/domains/default/security-policies/SecurityPolicy-1","unique_id":"895eeac5-641b-4306-be7f-a43fdd969ee5","children":[{"Rule":{"action":"ALLOW","resource_type":"Rule","id":"Rule1_1","display_name":"Rule1_1_updated","path":"/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_1","unique_id":"2024","marked_for_delete":false,"overridden":false,"rule_id":2024,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false,"_protection":"UNKNOWN","_revision": <182>1 2020-08-11T22:22:06.363Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="6aadd8de-d157-4479-b84c-8410dd48c2aa" splitId="9MtbEpd8" splitIndex="2 of 2" subcomp="policy" update="true"] 0},"resource_type":"ChildRule","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"internal_sequence_number":13000010,"category":"Application","stateful":true,"tcp_strict":true,"locked":false,"lock_modified_time":0,"scope":["ANY"],"is_default":false,"_protection":"UNKNOWN","_revision":0},"resource_type":"ChildSecurityPolicy","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"target_type":"Domain","resource_type":"ChildResourceReference","id":"default","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]
セクション (
SecurityPolicy-1) からルール (
Rule1_2) を削除:
<182>1 2020-08-11T22:12:24.444Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="Rule1_2" level="INFO" reqId="1a58e753-460c-443f-8a28-0d40d8af9b76" subcomp="policy" update="true" username="admin"] UserName="admin", ModuleName="DfwSecurityPolicy", Operation="DeleteSecurityRule", Operation status="success", Old value=[{"sequence_number":20,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"action":"ALLOW","logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","resource_type":"CommunicationEntry","id":"Rule1_2","display_name":"Rule1_2","path":"/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_2","relative_path":"Rule1_2","parent_path":"/infra/domains/default/security-policies/SecurityPolicy-1","unique_id":"2026","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597183904580,"_last_modified_user":"admin","_last_modified_time":1597183904582,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["default" "SecurityPolicy-1" "Rule1_2"] <182>1 2020-08-11T22:12:24.463Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="1a58e753-460c-443f-8a28-0d40d8af9b76" splitId="hoDI5YJQ" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="DfwSecurityPolicy", Operation="PatchSecurityPolicyForDomain", Operation status="success", New value=["default" "SecurityPolicy-1" {"resource_type":"SecurityPolicy","id":"SecurityPolicy-1","display_name":"SecurityPolicy-1","path":"/infra/domains/default/security-policies/SecurityPolicy-1","unique_id":"895eeac5-641b-4306-be7f-a43fdd969ee5","children":[{"Rule":{"resource_type":"Rule","id":"Rule1_2","path":"/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_2","marked_for_delete":true,"overridden":false,"sources_excluded":false,"destinations_excluded":false,"logged":false,"disabled":false,"direction":"IN_OUT","_protection":"UNKNOWN"},"resource_type":"ChildRule","marked_for_delete":true,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"internal_sequence_number":13000010,"category":"Application","stateful":true,"tcp_strict":true,"locked":false,"lock_modified_time":0,"scope": <182>1 2020-08-11T22:12:24.463Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="1a58e753-460c-443f-8a28-0d40d8af9b76" splitId="hoDI5YJQ" splitIndex="2 of 2" subcomp="policy" update="true"] ["ANY"],"is_default":false,"_protection":"UNKNOWN","_revision":0}] <182>1 2020-08-11T22:12:24.497Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="1a58e753-460c-443f-8a28-0d40d8af9b76" splitId="mxpzQHfF" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="Policy", Operation="PatchInfra", Operation status="success", New value=[{"enforce_revision_check":true} {"resource_type":"Infra","children":[{"children":[{"SecurityPolicy":{"resource_type":"SecurityPolicy","id":"SecurityPolicy-1","display_name":"SecurityPolicy-1","path":"/infra/domains/default/security-policies/SecurityPolicy-1","unique_id":"895eeac5-641b-4306-be7f-a43fdd969ee5","children":[{"Rule":{"resource_type":"Rule","id":"Rule1_2","path":"/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_2","marked_for_delete":true,"overridden":false,"sources_excluded":false,"destinations_excluded":false,"logged":false,"disabled":false,"direction":"IN_OUT","_protection":"UNKNOWN"},"resource_type":"ChildRule","marked_for_delete":true,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"internal_sequence_number":13000010,"category":"Application","stateful":true,"tcp_strict": <182>1 2020-08-11T22:12:24.497Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="1a58e753-460c-443f-8a28-0d40d8af9b76" splitId="mxpzQHfF" splitIndex="2 of 2" subcomp="policy" update="true"] true,"locked":false,"lock_modified_time":0,"scope":["ANY"],"is_default":false,"_protection":"UNKNOWN","_revision":0},"resource_type":"ChildSecurityPolicy","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"target_type":"Domain","resource_type":"ChildResourceReference","id":"default","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]
ルール (
Rule1_1) を含むセクション (
SecurityPolicy-1) を削除:
<182>1 2020-08-11T22:24:24.898Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="SecurityPolicy-1" level="INFO" reqId="724b5494-10cd-4124-a431-56ba7d922bbf" splitId="4WIXz9qL" splitIndex="1 of 2" subcomp="policy" update="true" username="admin"] UserName="admin", ModuleName="DfwSecurityPolicy", Operation="DeleteSecurityPolicyForDomain", Operation status="success", Old value=[{"precedence":10,"category":"Application","resource_type":"CommunicationMap","id":"SecurityPolicy-1","display_name":"SecurityPolicy-1","path":"/infra/domains/default/security-policies/SecurityPolicy-1","relative_path":"SecurityPolicy-1","parent_path":"/infra/domains/default","unique_id":"895eeac5-641b-4306-be7f-a43fdd969ee5","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597183130247,"_last_modified_user":"admin","_last_modified_time":1597183130251,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}{"sequence_number":10,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"action":"ALLOW","logged":false,"scope":["ANY"],"disabled":false,"direction":"IN_OUT","resource_type":"CommunicationEntry","id":"Rule1_1","display_name":"Rule1_1_updated","path": <182>1 2020-08-11T22:24:24.898Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="SecurityPolicy-1" level="INFO" reqId="724b5494-10cd-4124-a431-56ba7d922bbf" splitId="4WIXz9qL" splitIndex="2 of 2" subcomp="policy" update="true" username="admin"] "/infra/domains/default/security-policies/SecurityPolicy-1/rules/Rule1_1","relative_path":"Rule1_1","parent_path":"/infra/domains/default/security-policies/SecurityPolicy-1","unique_id":"2024","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597183130364,"_last_modified_user":"admin","_last_modified_time":1597184526313,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":1}], New value=["default" "SecurityPolicy-1"] <182>1 2020-08-11T22:24:24.938Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="724b5494-10cd-4124-a431-56ba7d922bbf" subcomp="policy" update="true"] UserName="admin", ModuleName="Policy", Operation="PatchInfra", Operation status="success", New value=[{"enforce_revision_check":true} {"resource_type":"Infra","children":[{"children":[{"SecurityPolicy":{"resource_type":"SecurityPolicy","id":"SecurityPolicy-1","path":"/infra/domains/default/security-policies/SecurityPolicy-1","marked_for_delete":true,"overridden":false,"locked":false,"_protection":"UNKNOWN"},"resource_type":"ChildSecurityPolicy","marked_for_delete":true,"mark_for_override":false,"_protection":"UNKNOWN"}],"target_type":"Domain","resource_type":"ChildResourceReference","id":"default","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]
ポリシー モードでのゲートウェイ ファイアウォールの変更
Tier-0 ゲートウェイと Tier-1 ゲートウェイのログ メッセージは似ているので注意してください。
Tier-1 ゲートウェイ (
myT1) のルール (
myT1_Rule1) を含むセクション (
T1-Policies) を追加:
<182>1 2020-08-11T22:31:26.800Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="c2790fbd-db29-46d3-9a0e-1003455ee9ea" splitId="Ta8faYzQ" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="PolicyEdgeFirewall", Operation="PatchGatewayPolicyForDomain", Operation status="success", Old value=[{"precedence":10,"category":"LocalGatewayRules","resource_type":"CommunicationMap","id":"T1-Policies","display_name":"T1-Policies","path":"/infra/domains/default/gateway-policies/T1-Policies","relative_path":"T1-Policies","parent_path":"/infra/domains/default","unique_id":"a73c1345-6b4e-43e0-b4ee-9a91c7ba9df6","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597185086789,"_last_modified_user":"admin","_last_modified_time":1597185086789,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["default" "T1-Policies" {"resource_type":"GatewayPolicy","id":"T1-Policies","display_name":"T1-Policies","path":"/infra/domains/default/gateway-policies/T1-Policies","children":[{"Rule":{"action":"ALLOW","resource_type":"Rule","id":"myT1_Rule1","display_name":"myT1_Rule1","path": <182>1 2020-08-11T22:31:26.801Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="c2790fbd-db29-46d3-9a0e-1003455ee9ea" splitId="Ta8faYzQ" splitIndex="2 of 2" subcomp="policy" update="true"] "/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule1","marked_for_delete":false,"overridden":false,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","_protection":"UNKNOWN"},"resource_type":"ChildRule","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"category":"LocalGatewayRules","stateful":true,"locked":false,"_protection":"UNKNOWN"}] <182>1 2020-08-11T22:31:26.878Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="c2790fbd-db29-46d3-9a0e-1003455ee9ea" splitId="aZfgiFKt" splitIndex="1 of 2" subcomp="policy" update="true" username="admin"] UserName="admin", ModuleName="PolicyEdgeFirewall", Operation="PatchGatewayRule", Operation status="success", Old value=[{"sequence_number":10,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"action":"ALLOW","logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","resource_type":"CommunicationEntry","id":"myT1_Rule1","display_name":"myT1_Rule1","path":"/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule1","relative_path":"myT1_Rule1","parent_path":"/infra/domains/default/gateway-policies/T1-Policies","unique_id":"2028","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597185086809,"_last_modified_user":"admin","_last_modified_time":1597185086809,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["default" "T1-Policies" "myT1_Rule1" {"action":"ALLOW","resource_type":"Rule","id":"myT1_Rule1","display_name":"myT1_Rule1","path": <182>1 2020-08-11T22:31:26.878Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="c2790fbd-db29-46d3-9a0e-1003455ee9ea" splitId="aZfgiFKt" splitIndex="2 of 2" subcomp="policy" update="true" username="admin"] "/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule1","marked_for_delete":false,"overridden":false,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","_protection":"UNKNOWN"}] <182>1 2020-08-11T22:31:26.890Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="c2790fbd-db29-46d3-9a0e-1003455ee9ea" splitId="0s7tdCjN" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="Policy", Operation="PatchInfra", Operation status="success", New value=[{"enforce_revision_check":true} {"resource_type":"Infra","children":[{"children":[{"GatewayPolicy":{"resource_type":"GatewayPolicy","id":"T1-Policies","display_name":"T1-Policies","path":"/infra/domains/default/gateway-policies/T1-Policies","children":[{"Rule":{"action":"ALLOW","resource_type":"Rule","id":"myT1_Rule1","display_name":"myT1_Rule1","path":"/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule1","marked_for_delete":false,"overridden":false,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","_protection":"UNKNOWN"},"resource_type":"ChildRule","marked_for_delete":false,"mark_for_override":false,"_protection": <182>1 2020-08-11T22:31:26.890Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="c2790fbd-db29-46d3-9a0e-1003455ee9ea" splitId="0s7tdCjN" splitIndex="2 of 2" subcomp="policy" update="true"] "UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"category":"LocalGatewayRules","stateful":true,"locked":false,"_protection":"UNKNOWN"},"resource_type":"ChildGatewayPolicy","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"target_type":"Domain","resource_type":"ChildResourceReference","id":"default","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]
セクション (
T1-Policies) でルール (
myT1_Rule1 を
myT1_Rule1_Updated) に更新:
<182>1 2020-08-11T22:36:19.410Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="a17fcbdc-1aed-4526-93e9-40a3730eeb7f" splitId="BiHDjsY8" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="PolicyEdgeFirewall", Operation="PatchGatewayPolicyForDomain", Operation status="success", New value=["default" "T1-Policies" {"resource_type":"GatewayPolicy","id":"T1-Policies","display_name":"T1-Policies","path":"/infra/domains/default/gateway-policies/T1-Policies","unique_id":"a73c1345-6b4e-43e0-b4ee-9a91c7ba9df6","children":[{"Rule":{"action":"ALLOW","resource_type":"Rule","id":"myT1_Rule1","display_name":"myT1_Rule1_Updated","path":"/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule1","unique_id":"2028","marked_for_delete":false,"overridden":false,"rule_id":2028,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false,"_protection":"UNKNOWN","_revision":0},"resource_type": <182>1 2020-08-11T22:36:19.410Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="a17fcbdc-1aed-4526-93e9-40a3730eeb7f" splitId="BiHDjsY8" splitIndex="2 of 2" subcomp="policy" update="true"] "ChildRule","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"internal_sequence_number":13000010,"category":"LocalGatewayRules","stateful":true,"tcp_strict":true,"locked":false,"lock_modified_time":0,"is_default":false,"_protection":"UNKNOWN","_revision":0}] <182>1 2020-08-11T22:36:19.430Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="a17fcbdc-1aed-4526-93e9-40a3730eeb7f" splitId="HqttDMqz" splitIndex="1 of 2" subcomp="policy" update="true" username="admin"] UserName="admin", ModuleName="PolicyEdgeFirewall", Operation="PatchGatewayRule", Operation status="success", Old value=[{"sequence_number":10,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"action":"ALLOW","logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","resource_type":"CommunicationEntry","id":"myT1_Rule1","display_name":"myT1_Rule1","path":"/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule1","relative_path":"myT1_Rule1","parent_path":"/infra/domains/default/gateway-policies/T1-Policies","unique_id":"2028","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597185086809,"_last_modified_user":"admin","_last_modified_time":1597185086841,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["default" "T1-Policies" "myT1_Rule1" {"action":"ALLOW","resource_type":"Rule","id":"myT1_Rule1","display_name":"myT1_Rule1_Updated","path": <182>1 2020-08-11T22:36:19.430Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="a17fcbdc-1aed-4526-93e9-40a3730eeb7f" splitId="HqttDMqz" splitIndex="2 of 2" subcomp="policy" update="true" username="admin"] "/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule1","unique_id":"2028","marked_for_delete":false,"overridden":false,"rule_id":2028,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false,"_protection":"UNKNOWN","_revision":0}] <182>1 2020-08-11T22:36:19.443Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="a17fcbdc-1aed-4526-93e9-40a3730eeb7f" splitId="fMYsYjV5" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="Policy", Operation="PatchInfra", Operation status="success", New value=[{"enforce_revision_check":true} {"resource_type":"Infra","children":[{"children":[{"GatewayPolicy":{"resource_type":"GatewayPolicy","id":"T1-Policies","display_name":"T1-Policies","path":"/infra/domains/default/gateway-policies/T1-Policies","unique_id":"a73c1345-6b4e-43e0-b4ee-9a91c7ba9df6","children":[{"Rule":{"action":"ALLOW","resource_type":"Rule","id":"myT1_Rule1","display_name":"myT1_Rule1_Updated","path":"/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule1","unique_id":"2028","marked_for_delete":false,"overridden":false,"rule_id":2028,"sequence_number":10,"sources_excluded":false,"destinations_excluded":false,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"profiles":["ANY"],"logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false,"_protection":"UNKNOWN","_revision": <182>1 2020-08-11T22:36:19.443Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="a17fcbdc-1aed-4526-93e9-40a3730eeb7f" splitId="fMYsYjV5" splitIndex="2 of 2" subcomp="policy" update="true"] 0},"resource_type":"ChildRule","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"internal_sequence_number":13000010,"category":"LocalGatewayRules","stateful":true,"tcp_strict":true,"locked":false,"lock_modified_time":0,"is_default":false,"_protection":"UNKNOWN","_revision":0},"resource_type":"ChildGatewayPolicy","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"target_type":"Domain","resource_type":"ChildResourceReference","id":"default","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]
セクション (
T1-Policies) からルール (
myT1_Rule2) を削除:
<182>1 2020-08-11T22:38:03.262Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="myT1_Rule2" level="INFO" reqId="ccb8d0bb-0fe2-415a-9979-a1a3a80a7038" subcomp="policy" update="true" username="admin"] UserName="admin", ModuleName="PolicyEdgeFirewall", Operation="DeleteGatewayRule", Operation status="success", Old value=[{"sequence_number":20,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"action":"ALLOW","logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","resource_type":"CommunicationEntry","id":"myT1_Rule2","display_name":"myT1_Rule2","path":"/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule2","relative_path":"myT1_Rule2","parent_path":"/infra/domains/default/gateway-policies/T1-Policies","unique_id":"2029","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597185467310,"_last_modified_user":"admin","_last_modified_time":1597185467314,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["default" "T1-Policies" "myT1_Rule2"] <182>1 2020-08-11T22:38:03.280Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="ccb8d0bb-0fe2-415a-9979-a1a3a80a7038" splitId="GlUhKvqu" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="PolicyEdgeFirewall", Operation="PatchGatewayPolicyForDomain", Operation status="success", New value=["default" "T1-Policies" {"resource_type":"GatewayPolicy","id":"T1-Policies","display_name":"T1-Policies","path":"/infra/domains/default/gateway-policies/T1-Policies","unique_id":"a73c1345-6b4e-43e0-b4ee-9a91c7ba9df6","children":[{"Rule":{"resource_type":"Rule","id":"myT1_Rule2","path":"/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule2","marked_for_delete":true,"overridden":false,"sources_excluded":false,"destinations_excluded":false,"logged":false,"disabled":false,"direction":"IN_OUT","_protection":"UNKNOWN"},"resource_type":"ChildRule","marked_for_delete":true,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"internal_sequence_number":13000010,"category":"LocalGatewayRules","stateful":true,"tcp_strict":true,"locked":false,"lock_modified_time":0,"is_default": <182>1 2020-08-11T22:38:03.280Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="ccb8d0bb-0fe2-415a-9979-a1a3a80a7038" splitId="GlUhKvqu" splitIndex="2 of 2" subcomp="policy" update="true"] false,"_protection":"UNKNOWN","_revision":0}] <182>1 2020-08-11T22:38:03.295Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="ccb8d0bb-0fe2-415a-9979-a1a3a80a7038" splitId="xnO9T8NE" splitIndex="1 of 2" subcomp="policy" update="true"] UserName="admin", ModuleName="Policy", Operation="PatchInfra", Operation status="success", New value=[{"enforce_revision_check":true} {"resource_type":"Infra","children":[{"children":[{"GatewayPolicy":{"resource_type":"GatewayPolicy","id":"T1-Policies","display_name":"T1-Policies","path":"/infra/domains/default/gateway-policies/T1-Policies","unique_id":"a73c1345-6b4e-43e0-b4ee-9a91c7ba9df6","children":[{"Rule":{"resource_type":"Rule","id":"myT1_Rule2","path":"/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule2","marked_for_delete":true,"overridden":false,"sources_excluded":false,"destinations_excluded":false,"logged":false,"disabled":false,"direction":"IN_OUT","_protection":"UNKNOWN"},"resource_type":"ChildRule","marked_for_delete":true,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"sequence_number":10,"internal_sequence_number":13000010,"category":"LocalGatewayRules","stateful":true,"tcp_strict":true,"locked": <182>1 2020-08-11T22:38:03.295Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="ccb8d0bb-0fe2-415a-9979-a1a3a80a7038" splitId="xnO9T8NE" splitIndex="2 of 2" subcomp="policy" update="true"] false,"lock_modified_time":0,"is_default":false,"_protection":"UNKNOWN","_revision":0},"resource_type":"ChildGatewayPolicy","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"target_type":"Domain","resource_type":"ChildResourceReference","id":"default","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]
ルール (
myT1_Rule1_Updated) を含むセクション (
T1-Policies) を削除:
<182>1 2020-08-11T22:41:30.726Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="T1-Policies" level="INFO" reqId="d751343c-32ab-46ee-b176-752b8ae1ec0d" splitId="WZc3oxDG" splitIndex="1 of 2" subcomp="policy" update="true" username="admin"] UserName="admin", ModuleName="PolicyEdgeFirewall", Operation="DeleteGatewayPolicy", Operation status="success", Old value=[{"precedence":10,"category":"LocalGatewayRules","resource_type":"CommunicationMap","id":"T1-Policies","display_name":"T1-Policies","path":"/infra/domains/default/gateway-policies/T1-Policies","relative_path":"T1-Policies","parent_path":"/infra/domains/default","unique_id":"a73c1345-6b4e-43e0-b4ee-9a91c7ba9df6","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597185086789,"_last_modified_user":"admin","_last_modified_time":1597185086790,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}{"sequence_number":10,"source_groups":["ANY"],"destination_groups":["ANY"],"services":["ANY"],"action":"ALLOW","logged":false,"scope":["/infra/tier-1s/myT1"],"disabled":false,"direction":"IN_OUT","resource_type":"CommunicationEntry","id":"myT1_Rule1","display_name":"myT1_Rule1_Updated","path": <182>1 2020-08-11T22:41:30.726Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" entId="T1-Policies" level="INFO" reqId="d751343c-32ab-46ee-b176-752b8ae1ec0d" splitId="WZc3oxDG" splitIndex="2 of 2" subcomp="policy" update="true" username="admin"] "/infra/domains/default/gateway-policies/T1-Policies/rules/myT1_Rule1","relative_path":"myT1_Rule1","parent_path":"/infra/domains/default/gateway-policies/T1-Policies","unique_id":"2028","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597185086809,"_last_modified_user":"admin","_last_modified_time":1597185379419,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":1}], New value=["default" "T1-Policies"] <182>1 2020-08-11T22:41:30.733Z manager1 NSX 22164 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="d751343c-32ab-46ee-b176-752b8ae1ec0d" subcomp="policy" update="true"] UserName="admin", ModuleName="Policy", Operation="PatchInfra", Operation status="success", New value=[{"enforce_revision_check":true} {"resource_type":"Infra","children":[{"children":[{"GatewayPolicy":{"resource_type":"GatewayPolicy","id":"T1-Policies","path":"/infra/domains/default/gateway-policies/T1-Policies","marked_for_delete":true,"overridden":false,"locked":false,"_protection":"UNKNOWN"},"resource_type":"ChildGatewayPolicy","marked_for_delete":true,"mark_for_override":false,"_protection":"UNKNOWN"}],"target_type":"Domain","resource_type":"ChildResourceReference","id":"default","marked_for_delete":false,"mark_for_override":false,"_protection":"UNKNOWN"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]
マネージャ モードでの分散ファイアウォールの変更
ファイアウォール セクション (
FirewallSection-2) を追加:
<182>1 2020-08-12T00:25:53.300Z manager1 NSX 1503 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="244e8a97-93d4-4047-b817-81b59b94ce13" subcomp="manager" username="admin"] UserName="admin", ModuleName="NSX-Firewall", Operation="CREATE", Operation status="success", New value=[FirewallSectionLock [Id=0ffb0688-9f4e-4096-a19f-2d98ce8cfbeb, sectionId=f5226cab-525b-4e33-a26d-e5053fbba0a1, sectionRevision=0, locked=false, comments=Default section unlock comment, created_by=admin, create_time=1597191953299, last_modified_by=admin, last_modified_time=1597191953299]] <182>1 2020-08-12T00:25:53.313Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="f5226cab-525b-4e33-a26d-e5053fbba0a1" level="INFO" reqId="244e8a97-93d4-4047-b817-81b59b94ce13" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="AddSection", Operation status="success", New value=[{"operation":"insert_before","id":"ffffffff-8a04-4924-a5b4-54d30e81befe"} {"locked":false,"autoplumbed":false,"tcp_strict":false,"display_name":"FirewallSection-2","section_type":"LAYER3","stateful":true,"_protection":"UNKNOWN"}]
セクション (
FirewallSection-2) にルール (
mp_Rule1) を追加:
<182>1 2020-08-12T00:27:21.252Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="f5226cab-525b-4e33-a26d-e5053fbba0a1" level="INFO" reqId="3562bb3e-bf18-4aa0-a1dd-abde13e8559c" splitId="ScK9FB8V" splitIndex="1 of 2" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="UpdateSectionWithRules", Operation status="success", Old value=[{"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597191953299,"autoplumbed":false,"enforced_on":"VIF","tcp_strict":false,"category":"Default","resource_type":"FirewallSection","id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","display_name":"FirewallSection-2","section_type":"LAYER3","stateful":true,"rule_count":0,"is_default":false,"_create_user":"admin","_create_time":1597191953297,"_last_modified_user":"admin","_last_modified_time":1597191953297,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["f5226cab-525b-4e33-a26d-e5053fbba0a1" {"rules":[{"display_name":"mp_Rule1","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false}],"resource_type":"FirewallSection","id": <182>1 2020-08-12T00:27:21.252Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="f5226cab-525b-4e33-a26d-e5053fbba0a1" level="INFO" reqId="3562bb3e-bf18-4aa0-a1dd-abde13e8559c" splitId="ScK9FB8V" splitIndex="2 of 2" subcomp="manager" update="true" username="admin"] "f5226cab-525b-4e33-a26d-e5053fbba0a1","display_name":"FirewallSection-2","section_type":"LAYER3","stateful":true,"rule_count":0,"is_default":false,"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597191953299,"autoplumbed":false,"enforced_on":"VIF","tcp_strict":false,"category":"Default","_protection":"UNKNOWN","_revision":0}]
セクション (
FirewallSection-2) でルール (
mp_Rule1 を
mp_Rule1_updated) に更新:
<182>1 2020-08-12T00:28:54.226Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="f5226cab-525b-4e33-a26d-e5053fbba0a1" level="INFO" reqId="37954994-8d59-448e-923d-940813087640" splitId="KcUAlRYl" splitIndex="1 of 2" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="UpdateSectionWithRules", Operation status="success", Old value=[{"section_id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","resource_type":"FirewallRule","id":"536870917","display_name":"mp_Rule1","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false}{"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597191953299,"autoplumbed":false,"enforced_on":"VIF","tcp_strict":false,"category":"Default","resource_type":"FirewallSection","id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","display_name":"FirewallSection-2","section_type":"LAYER3","stateful":true,"rule_count":1,"is_default":false,"_create_user":"admin","_create_time":1597191953297,"_last_modified_user":"admin","_last_modified_time":1597192041235,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision": <182>1 2020-08-12T00:28:54.226Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="f5226cab-525b-4e33-a26d-e5053fbba0a1" level="INFO" reqId="37954994-8d59-448e-923d-940813087640" splitId="KcUAlRYl" splitIndex="2 of 2" subcomp="manager" update="true" username="admin"] 1}], New value=["f5226cab-525b-4e33-a26d-e5053fbba0a1" {"rules":[{"section_id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","resource_type":"FirewallRule","id":"536870917","display_name":"mp_Rule1_updated","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false,"_revision":1}],"resource_type":"FirewallSectionRuleList","id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","display_name":"FirewallSection-2","section_type":"LAYER3","stateful":true,"rule_count":1,"is_default":false,"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597191953299,"autoplumbed":false,"enforced_on":"VIF","tcp_strict":false,"category":"Default","_protection":"UNKNOWN","_revision":1}]
セクション (
FirewallSection-2) からルール (
mp_Rule2) を削除:
<182>1 2020-08-12T00:33:58.355Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="f5226cab-525b-4e33-a26d-e5053fbba0a1" level="INFO" reqId="2db867e0-0407-44a2-8a6c-96895ff14a2f" splitId="m9SdpPw2" splitIndex="1 of 3" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="UpdateSectionWithRules", Operation status="success", Old value=[{"section_id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","resource_type":"FirewallRule","id":"536870918","display_name":"mp_Rule2","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false}{"section_id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","resource_type":"FirewallRule","id":"536870917","display_name":"mp_Rule1_updated","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false}{"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597191953299,"autoplumbed":false,"enforced_on":"VIF","tcp_strict":false,"category":"Default","resource_type":"FirewallSection","id": <182>1 2020-08-12T00:33:58.355Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="f5226cab-525b-4e33-a26d-e5053fbba0a1" level="INFO" reqId="2db867e0-0407-44a2-8a6c-96895ff14a2f" splitId="m9SdpPw2" splitIndex="2 of 3" subcomp="manager" update="true" username="admin"] "f5226cab-525b-4e33-a26d-e5053fbba0a1","display_name":"FirewallSection-2","section_type":"LAYER3","stateful":true,"rule_count":2,"is_default":false,"_create_user":"admin","_create_time":1597191953297,"_last_modified_user":"admin","_last_modified_time":1597192378372,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":3}], New value=["f5226cab-525b-4e33-a26d-e5053fbba0a1" {"rules":[{"section_id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","resource_type":"FirewallRule","id":"536870917","display_name":"mp_Rule1_updated","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false,"_revision":3}],"resource_type":"FirewallSectionRuleList","id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","display_name":"FirewallSection-2","section_type":"LAYER3","stateful":true,"rule_count":2,"is_default":false,"locked":false,"comments":"Default section unlock comment","lock_modified_by": <182>1 2020-08-12T00:33:58.355Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="f5226cab-525b-4e33-a26d-e5053fbba0a1" level="INFO" reqId="2db867e0-0407-44a2-8a6c-96895ff14a2f" splitId="m9SdpPw2" splitIndex="3 of 3" subcomp="manager" update="true" username="admin"] "admin","lock_modified_time":1597191953299,"autoplumbed":false,"enforced_on":"VIF","tcp_strict":false,"category":"Default","_protection":"UNKNOWN","_revision":3}]
ルール (
mp_Rule1) を含むセクション (
FirewallSection-2) を削除:
<182>1 2020-08-12T00:35:01.304Z manager1 NSX 1503 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="f23e091f-aa6e-47a6-945a-98291cc3f0ba" subcomp="manager" username="admin"] UserName="admin", ModuleName="NSX-Firewall", Operation="DELETE", Operation status="success", Old value=[FirewallSectionLock [Id=0ffb0688-9f4e-4096-a19f-2d98ce8cfbeb, sectionId=f5226cab-525b-4e33-a26d-e5053fbba0a1, sectionRevision=0, locked=false, comments=Default section unlock comment, created_by=admin, create_time=1597191953299, last_modified_by=admin, last_modified_time=1597191953299]] <182>1 2020-08-12T00:35:01.324Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="f5226cab-525b-4e33-a26d-e5053fbba0a1" level="INFO" reqId="f23e091f-aa6e-47a6-945a-98291cc3f0ba" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="DeleteSection", Operation status="success", Old value=[null{"section_id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","resource_type":"FirewallRule","id":"536870917","display_name":"mp_Rule1_updated","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false}{"locked":false,"autoplumbed":false,"enforced_on":"VIF","tcp_strict":false,"category":"Default","resource_type":"FirewallSection","id":"f5226cab-525b-4e33-a26d-e5053fbba0a1","display_name":"FirewallSection-2","section_type":"LAYER3","stateful":true,"rule_count":1,"is_default":false,"_create_user":"admin","_create_time":1597191953297,"_last_modified_user":"admin","_last_modified_time":1597192438335,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":4}], New value=["f5226cab-525b-4e33-a26d-e5053fbba0a1" {"cascade":true}]
マネージャ モードでの Edge ファイアウォールの変更
Tier-0 論理ルーターと Tier-1 論理ルーターのログ メッセージは似ているので注意してください。
Tier-1 論理ルーター (
myT1_mp) のファイアウォール セクション (
FirewallSection-1) を追加:
<182>1 2020-08-12T00:09:55.661Z manager1 NSX 1503 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="14af9252-ddc3-4949-8e01-b2c5676ac258" subcomp="manager" username="admin"] UserName="admin", ModuleName="NSX-Firewall", Operation="CREATE", Operation status="success", New value=[FirewallSectionLock [I d=15b61818-2a65-48cf-a98e-7c2f3fccc845, sectionId=9808d1ec-de08-48b3-8173-12f26fb0ae9c, sectionRevision=0, locked=false, comments=Default section unlock comment, created_by=admin, create_time=1597190995659, last_modified_by=admin, last_modified_time=1597190995659]] <182>1 2020-08-12T00:09:55.687Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="14af9252-ddc3-4949-8e01-b2c5676ac258" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="AddSection", Operation status="success", New value=[{"operation":"insert_before","id":"095b443a-115d-4bf7-b4f7-192305321e95"} {"locked":false,"autoplumbed":false,"tcp_strict":false,"display_name":"FirewallSection-1","applied_tos":[{"target_id":"6562738e-73b9-4f21-9461-460ead581daf","target_display_name":"myT1_mp","target_type":"LogicalRouter","is_valid":true}],"section_type":"LAYER3","stateful":true,"is_default":false,"_system_owned":false,"_protection":"UNKNOWN","_revision":0}]
セクション (
FirewallSection-1) にルール (
myT1_mp_Rule1) を追加:
<182>1 2020-08-12T00:13:44.092Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="d4e7bdef-0cc6-45e9-8884-061b0f688fec" splitId="snErcGKF" splitIndex="1 of 2" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="UpdateSectionWithRules", Operation status="success", Old value=[{"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597190995659,"autoplumbed":false,"enforced_on":"LOGICALROUTER","tcp_strict":false,"category":"Default","resource_type":"FirewallSection","id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","display_name":"FirewallSection-1","applied_tos":[{"target_id":"6562738e-73b9-4f21-9461-460ead581daf","target_display_name":"myT1_mp","target_type":"LogicalRouter","is_valid":true}],"section_type":"LAYER3","stateful":true,"rule_count":0,"is_default":false,"_create_user":"admin","_create_time":1597190995657,"_last_modified_user":"admin","_last_modified_time":1597190995657,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":0}], New value=["9808d1ec-de08-48b3-8173-12f26fb0ae9c" {"rules":[{"display_name":"myT1_mp_Rule1","sources_excluded":false,"destinations_excluded":
セクション (
FirewallSection-1) でルール (
myT1_mp_Rule1 を
myT1_mp_Rule1_updated) に更新:
<182>1 2020-08-12T00:15:31.078Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="eb880eee-5798-42fc-a8aa-58b70e4aa152" splitId="WviLd4ja" splitIndex="1 of 3" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="UpdateSectionWithRules", Operation status="success", Old value=[{"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597190995659,"autoplumbed":false,"enforced_on":"LOGICALROUTER","tcp_strict":false,"category":"Default","resource_type":"FirewallSection","id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","display_name":"FirewallSection-1","applied_tos":[{"target_id":"6562738e-73b9-4f21-9461-460ead581daf","target_display_name":"myT1_mp","target_type":"LogicalRouter","is_valid":true}],"section_type":"LAYER3","stateful":true,"rule_count":1,"is_default":false,"_create_user":"admin","_create_time":1597190995657,"_last_modified_user":"admin","_last_modified_time":1597191224058,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":1}{"section_id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","resource_type":"FirewallRule","id":"536870914","display_name":"myT1_mp_Rule1","sources_excluded": <182>1 2020-08-12T00:15:31.078Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="eb880eee-5798-42fc-a8aa-58b70e4aa152" splitId="WviLd4ja" splitIndex="2 of 3" subcomp="manager" update="true" username="admin"] false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false}], New value=["9808d1ec-de08-48b3-8173-12f26fb0ae9c" {"rules":[{"section_id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","resource_type":"FirewallRule","id":"536870914","display_name":"myT1_mp_Rule1_updated","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","_revision":1}],"resource_type":"FirewallSectionRuleList","id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","display_name":"FirewallSection-1","applied_tos":[{"target_id":"6562738e-73b9-4f21-9461-460ead581daf","target_display_name":"myT1_mp","target_type":"LogicalRouter","is_valid":true}],"section_type":"LAYER3","stateful":true,"is_default":false,"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597190995659,"autoplumbed": <182>1 2020-08-12T00:15:31.078Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="eb880eee-5798-42fc-a8aa-58b70e4aa152" splitId="WviLd4ja" splitIndex="3 of 3" subcomp="manager" update="true" username="admin"] false,"enforced_on":"LOGICALROUTER","tcp_strict":false,"category":"Default","_system_owned":false,"_protection":"UNKNOWN","_revision":1}]
セクション (
FirewallSection-1) からルール (
myT1_mp_Rule2) を削除:
<182>1 2020-08-12T00:18:05.341Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="bc95016c-5ec2-4b25-ab17-0b10b6c5a4f0" splitId="damZHQkr" splitIndex="1 of 3" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="UpdateSectionWithRules", Operation status="success", Old value=[{"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597190995659,"autoplumbed":false,"enforced_on":"LOGICALROUTER","tcp_strict":false,"category":"Default","resource_type":"FirewallSection","id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","display_name":"FirewallSection-1","applied_tos":[{"target_id":"6562738e-73b9-4f21-9461-460ead581daf","target_display_name":"myT1_mp","target_type":"LogicalRouter","is_valid":true}],"section_type":"LAYER3","stateful":true,"rule_count":2,"is_default":false,"_create_user":"admin","_create_time":1597190995657,"_last_modified_user":"admin","_last_modified_time":1597191475552,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":3}{"section_id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","resource_type":"FirewallRule","id":"536870914","display_name": <182>1 2020-08-12T00:18:05.341Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="bc95016c-5ec2-4b25-ab17-0b10b6c5a4f0" splitId="damZHQkr" splitIndex="2 of 3" subcomp="manager" update="true" username="admin"] "myT1_mp_Rule1_updated","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false}{"section_id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","resource_type":"FirewallRule","id":"536870915","display_name":"myT1_mp_Rule2","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false}], New value=["9808d1ec-de08-48b3-8173-12f26fb0ae9c" {"rules":[{"section_id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","resource_type":"FirewallRule","id":"536870914","display_name":"myT1_mp_Rule1_updated","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction":"IN_OUT","ip_protocol":"IPV4_IPV6","_revision":3}],"resource_type":"FirewallSectionRuleList","id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","display_name":"FirewallSection-1","applied_tos" <182>1 2020-08-12T00:18:05.341Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="bc95016c-5ec2-4b25-ab17-0b10b6c5a4f0" splitId="damZHQkr" splitIndex="3 of 3" subcomp="manager" update="true" username="admin"] :[{"target_id":"6562738e-73b9-4f21-9461-460ead581daf","target_display_name":"myT1_mp","target_type":"LogicalRouter","is_valid":true}],"section_type":"LAYER3","stateful":true,"is_default":false,"locked":false,"comments":"Default section unlock comment","lock_modified_by":"admin","lock_modified_time":1597190995659,"autoplumbed":false,"enforced_on":"LOGICALROUTER","tcp_strict":false,"category":"Default","_system_owned":false,"_protection":"UNKNOWN","_revision":3}]
ルール (
myT1_mp_Rule2) を含むセクション (
FirewallSection-1) を削除:
<182>1 2020-08-12T00:21:27.646Z manager1 NSX 1503 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="781f43d5-0b4c-494e-89a1-cbc2998fc232" subcomp="manager" username="admin"] UserName="admin", ModuleName="NSX-Firewall", Operation="DELETE", Operation status="success", Old value=[FirewallSectionLock [Id=15b61818-2a65-48cf-a98e-7c2f3fccc845, sectionId=9808d1ec-de08-48b3-8173-12f26fb0ae9c, sectionRevision=0, locked=false, comments=Default section unlock comment, created_by=admin, create_time=1597190995659, last_modified_by=admin, last_modified_time=1597190995659]] <182>1 2020-08-12T00:21:27.669Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="781f43d5-0b4c-494e-89a1-cbc2998fc232" splitId="u3AofFMr" splitIndex="1 of 2" subcomp="manager" update="true" username="admin"] UserName="admin", ModuleName="Firewall", Operation="DeleteSection", Operation status="success", Old value=[{"locked":false,"autoplumbed":false,"enforced_on":"LOGICALROUTER","tcp_strict":false,"category":"Default","resource_type":"FirewallSection","id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","display_name":"FirewallSection-1","applied_tos":[{"target_id":"6562738e-73b9-4f21-9461-460ead581daf","target_display_name":"myT1_mp","target_type":"LogicalRouter","is_valid":true}],"section_type":"LAYER3","stateful":true,"rule_count":1,"is_default":false,"_create_user":"admin","_create_time":1597190995657,"_last_modified_user":"admin","_last_modified_time":1597191671601,"_system_owned":false,"_protection":"NOT_PROTECTED","_revision":6}{"section_id":"9808d1ec-de08-48b3-8173-12f26fb0ae9c","resource_type":"FirewallRule","id":"536870916","display_name":"myT1_mp_Rule1","sources_excluded":false,"destinations_excluded":false,"action":"ALLOW","disabled":false,"logged":false,"direction": <182>1 2020-08-12T00:21:27.669Z manager1 NSX 1503 FIREWALL [nsx@6876 audit="true" comp="nsx-manager" entId="9808d1ec-de08-48b3-8173-12f26fb0ae9c" level="INFO" reqId="781f43d5-0b4c-494e-89a1-cbc2998fc232" splitId="u3AofFMr" splitIndex="2 of 2" subcomp="manager" update="true" username="admin"] "IN_OUT","ip_protocol":"IPV4_IPV6","is_default":false}null], New value=["9808d1ec-de08-48b3-8173-12f26fb0ae9c" {"cascade":true}]