Security
The Security section is a collection of pages related to Network Security (NSX). If you are authorized to view these pages, you can access them from the top navigation bar.
Get the NSX Proxy API wrapping the NSX API (Internal Link)
Side Navigation
The side navigation contains the list of all Security pages:
- Firewall Rules
- Security Sections
- Services
- IP Sets
- Security Groups
- Security Tags
- Flow Logs
Firewall Rules
In the Firewall Rules section, you can create, edit and delete firewall rules.
Firewall Rules List
The page shows one or more selected firewall sections with a separate table per section. Each table shows all the firewall rules belonging to a given firewall section and information about them:
- The index number
- The name with Enabled or Disabled tag
- The rule ID
- The list of source elements
- The list of destination elements
- The list of services
- The Allow, Block or Reject action
- The list of elements the firewall rule is applied to
- The available actions
For some fields, there is a limitation on how many entries are displayed per row. To display all items in a filterable dialog, click on + X more.
Each item (table row) is clickable and opens a dialog with all firewall rule properties in read-only or edit mode, depending on your authorization in the given firewall section.
Create Firewall Rule
To create a firewall rule:
- To open the creation dialog, click on Create Firewall Rule at the top of the firewall section you want your rule to belong to.
- Fill out the required form fields and configure your firewall rule in the dialog tabs.
- Click Confirm to add the firewall rule to the section.
- After committing all the changes to the rules in your firewall section, click on Submit on the blue bar to deploy the whole section.
Item Actions
Action | Description |
---|---|
Details | Opens a dialog with all firewall rule information in read-only mode (relates only to firewall rules that you are not authorized to edit). |
Edit | Opens a dialog with all firewall rule properties as editable form fields. |
Delete | Opens a prompt dialog where you can confirm the deletion of a firewall rule. |
Table Filters
Filter | Description |
---|---|
Firewall Section | By default the last-used section is selected. Check any combination of firewall sections to view them on the page. |
Rule ID | Insert a rule ID to display only the matching firewall rule. |
Service | Select a service to display the rules including this service. |
Action | Select Allow or Reject to display the rules matching this action. |
Applied to | Select an element to display only the rules applied to this element. |
Show only invalid firewall rules | Visible only if some firewall rules are invalid. Check the option to display only invalid rules. |
Filter by Text | Type a string to view items with a matching property. |
Firewall Sections
In Firewall Sections you can create, edit and delete firewall sections.
Firewall Sections List
The list shows all available firewall sections in their defined order. Only the Tenant Provider Section is immutable and always on top of the list. The sections are listed with:
- The name
- The available actions
Each item (table row) is clickable and opens a dialog where you can configure your firewall section.
Create Firewall Section
To create a firewall section:
- To open the creation dialog, click on Create Firewall Section at the top of the list.
- Fill out the required form fields and configure your section.
- Click Create to deploy the section.
Firewall Section Actions
Action | Description |
---|---|
Edit | Opens a dialog with the editable properties of a firewall section. |
Delete | Opens a prompt dialog where you can confirm the deletion of a firewall section. |
Table Filters
Filter | Description |
---|---|
Filter by Text | Type a string to view items with a matching property. |
Services
In the Services section, you can create, edit and delete services.
Services List
The list shows all the available services with basic information about them:
- The name
- The protocol
- The source ports
- The destination ports
- The scope
- The inheritance
- The available actions
Each item (table row) is clickable and opens a dialog where you can configure the service.
Create Service
To create a service:
- To open the creation dialog, click on Create Service at the top of the list.
- Fill out the required form fields to configure your service.
- Click Create to deploy the service.
Service Actions
Action | Description |
---|---|
Edit | Opens a dialog with the editable properties of a service. |
Delete | Opens a prompt dialog where you can confirm the deletion of a service. |
Table Filters
Filter | Description |
---|---|
Protocol | Select UDP, TCP or ICMP to view the services with this protocol set. |
Source Ports | Insert ports to see services with the matching source ports property. |
Destination Ports | Insert ports to see services with the matching destination ports property. |
Scope | Select Global or another scope to display services with the matching scope. |
Inheritance | Select an option to display services with the matching inheritance. |
Filter by Text | Type a string to view items with a matching property. |
IP Sets
In the IP Sets section, you can create, edit and delete IP sets.
IP Sets List
The list shows all the available IP sets with basic information about them:
- The Name
- The IP Addresses
- The Scope
- The Inheritance
- The available actions
Each item (table row) is clickable and opens a dialog where you can configure the IP Set.
Create IP Set
To create an IP set:
- To open the creation dialog, click on Create IP Set at the top of the list.
- Fill out the required form fields to configure your IP Set.
- Click Create to deploy the IP set.
IP Set Actions
Action | Description |
---|---|
Edit | Opens a dialog with the editable properties of an IP set. |
Delete | Opens a prompt dialog where you can confirm the deletion of an IP set. |
Table Filters
Filter | Description |
---|---|
IP Addresses | Insert one or more IP addresses to display the matching IP sets. |
Scope | Select Global or another scope to display IP addresses with the matching scope. |
Inheritance | Select an option to display IP addresses with the matching inheritance. |
Filter by Text | Type a string to view items with a matching property. |
Security Groups
In Security Groups you can create, edit and delete security groups.
Security Groups List
The list shows all the available security groups with basic information about them:
- The name
- The scope
- The included members (if the Display Members option at the top of the list is checked)
- The excluded members (if the Display Members option at the top of the list is checked)
- The available actions
Each item (table row) is clickable and opens a dialog where you can configure the security group.
Create Security Group
To create a security group:
- To open the creation dialog, click on Create Security Group at the top of the list.
- Fill out the required form fields in the dialog tabs to configure your security group.
- Click Create to deploy the security group.
Security Group Actions
Action | Description |
---|---|
Edit | Opens a dialog with the editable properties of a security group. |
Delete | Opens a prompt dialog where you can confirm the deletion of a security group. |
Table Filters
Filter | Description |
---|---|
Scope | Select Global or another scope to display security groups with the matching scope. |
Included Members | Check any combination of items to display security groups with the matching included members. |
Excluded Members | Check any combination of items to display security groups with the matching excluded members. |
Filter by Text | Type a string to view items with a matching property. |
Security Tags
In the Security Tags section, you can create, edit and delete security tags.
Security Tags List
The list shows all the available security tags with basic information about them:
- The name with an information dialog containing a list of the attached VMs
- The description
- The available actions
Each item (table row) is clickable and opens a dialog where you can configure the security tag.
Create Security Tag
To create a security tag:
- To open the creation dialog, click on Create Security Tag at the top of the list.
- Fill out the required form fields in the dialog tabs to configure your security tag.
- Click Create to deploy the security tag.
Security Tag Actions
Action | Description |
---|---|
Edit | Opens a dialog with the editable properties of a security tag. |
Delete | Opens a prompt dialog where you can confirm the deletion of a security tag. |
Table Filters
Filter | Description |
---|---|
Filter by Text | Type a string to view items with a matching property. |
Flow Logs
In the Flow Logs section, you can access flow logs for a single virtual machine.
Note: It is not recommended to select a date range exceeding 10 days as it may cause a timeout error.
Flow Logs List
To view flow logs of a chosen VM, select a VM name in the Virtual Machine dropdown at the top of the table.
The list shows the flow logs of the chosen virtual machine with the following information:
- The state
- The direction
- The protocol
- The source
- The destination IP
- The destination port
- The start date and time
- The end date and time
- The rule ID
- The available actions
Each item (table row) is clickable and opens a dialog with all information related to this entry.
Reload Data
Click Reload Data to update the flow logs table for the selected VMs with the newest flow logs.
Flow Log Actions
Action | Description |
---|---|
Details | Opens a dialog with all flow log information. |
Table Filters
Filter | Description |
---|---|
Flow Type | Select a flow type to see flow logs matching that selection. |
State | Select a state to see flow logs matching that selection. |
Direction | Select From or To to see flow logs matching that selection. |
Protocol | Select a protocol to display flow logs matching that selection. |
Source ID | Insert a source ID to display flow logs matching your input. |
Destination ID | Insert a destination ID to display flow logs matching your input. |
Destination Port or Port Range | Insert any combination of ports to display flow logs matching this input. |
Rule ID | Insert a rule ID to display only the matching flow logs. |
Start Date | Pick a date and time to display flow logs generated after that time. |
End Date | Pick a date and time to display flow logs generated before that time. |