NSX CLI Guide
Associated Commands:
| CLI Description | Command |
|---|---|
| Display the specified firewall address set. Display the specified firewall address set for the logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> addrset name <string-arg>` |
| Display all the firewall address sets. Display all the firewall address sets for the logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> addrset sets` |
| Display the specified firewall attribute set. Display the specified firewall attribute set for the logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> attrset name <string-arg>` |
| Display all the firewall attribute sets. Display all the firewall attribute sets for the logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> attrset sets` |
| Display firewall connection information. Display the firewall connections on the specified logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> connection` |
| Display firewall connection count. Display the firewall connection count. | `get firewall <dpd-uuid-firewall-port-arg> connection count` |
| Display firewall connection information. Display the firewall connections on the specified logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> connection raw` |
| Display firewall connection state. Display the state of the firewall connections. | `get firewall <dpd-uuid-firewall-port-arg> connection state` |
| Display firewall interface statistics. Display firewall interface statistics for the specified logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> interface stats` |
| Display firewall active/standby configuration. Display the active/standby configuration for the firewall on the specified logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> sync config` |
| Display firewall synchronization statistics. Display the firewall synchronization statistics. | `get firewall <dpd-uuid-firewall-port-arg> sync stats` |
| Display the fixed timeouts for connection events. | `get firewall <dpd-uuid-firewall-port-arg> timeouts` |
| Display specific firewall L7 profile info on given Logical Router UUID. Display specific firewall L7 profile information on given Logical Router UUID. | `get firewall <dpd-uuid-lrouter-port-arg> l7-profile <uuid-string-arg>` |
| Display specific firewall L7 profile entry stats info on given Logical Router UUID. Display specific firewall L7 profile entry stats information on given Logical Router UUID. | `get firewall <dpd-uuid-lrouter-port-arg> l7-profile <uuid-string-arg> stats` |
| Display all firewall L7 profiles info on given Logical Router UUID. Display all firewall L7 profiles information on given Logical Router UUID. | `get firewall <dpd-uuid-lrouter-port-arg> l7-profiles` |
| Display all firewall L7 profile entry stats info on given Logical Router UUID. Display all firewall L7 profile entry stats information on given Logical Router UUID. | `get firewall <dpd-uuid-lrouter-port-arg> l7-profiles stats` |
| Display IKE policy. Display IKE policy for the specified logical router interface. | `get firewall <uuid> ike policy [<rule-id>]` |
| Display firewall rules. Display firewall rules with expanded address sets for the specified logical router interface. | `get firewall <uuid> ruleset [type <rule-type>] rules [<ruleset-detail>]` |
| Display firewall rule statistics. Display firewall rule statistics for the specified logical router interface. | `get firewall <uuid> ruleset [type <rule-type>] stats` |
| Display firewall address sets. | `get firewall <vif-uuid-arg> addrsets` |
| Display firewall fqdn attribute of profiles. | `get firewall <vif-uuid-arg> fqdn` |
| Display firewall attribute profiles. | `get firewall <vif-uuid-arg> profile` |
| Display firewall rules. | `get firewall <vif-uuid-arg> ruleset rules` |
| Display firewall interfaces. Display the logical router or switch interfaces which have firewall rules. | `get firewall [logical-switch <uuid>] interfaces` |
| Display firewall addresses for the specified address set. | `get firewall addrset name <uuid-arg>` |
| Display firewall address sets for the available virtual interface. | `get firewall addrset sets` |
| Display firewall connection state. Display the state of the firewall connections in the VRF context. | `get firewall connection state` |
| Display firewall fqdn attribute of profiles. | `get firewall context-profile <context-profile-id-arg> fqdn` |
| Display firewall fqdn attribute of profiles. | `get firewall context-profiles` |
| Display firewall exclude interfaces. | `get firewall exclude` |
| Get the firewall exclusion list under manager mode, for exclusion list members under policy mode, please use API for now. Display the firewall exclusion list under manager mode, for exclusion list members under policy mode, please use API for now. | `get firewall exclude-list` |
| Display firewall exclusion. Display firewall exclusions. | `get firewall exclusion` |
| Display firewall interface statistics. Display firewall interface statistics for the specified logical router interface in the VRF context. | `get firewall interface stats` |
| Display firewall interfaces. Display the logical router or switch interfaces which have firewall rules. | `get firewall interfaces` |
| Display firewall sync interfaces. Display sync configuration for logical router interfaces with firewall rules. | `get firewall interfaces sync` |
| Display firewall ipfix containers. | `get firewall ipfix-containers` |
| Display firewall ipfix filters. | `get firewall ipfix-filters` |
| Display firewall ipfix profile configuration. | `get firewall ipfix-profiles` |
| Display firewall ipfix statistics. | `get firewall ipfix-stats` |
| Display specific firewall L7 profile info based on UUID. Display specific firewall L7 profile information based on UUID. | `get firewall l7-profile <uuid-string-arg>` |
| Display specific firewall L7 profile entry stats based on UUID. Display specific firewall L7 profile entry stats information based on UUID. | `get firewall l7-profile <uuid-string-arg> stats` |
| Display all firewall L7 profiles info. Display all firewall L7 profiles information. | `get firewall l7-profiles` |
| Display all firewall L7 profile entry stats. Display all firewall L7 profile entry stats information. | `get firewall l7-profiles stats` |
| Show DFW packet log file contents. Display the contents of the DFW packet log file. | `get firewall packetlog` |
| Show last lines of DFW packet log file contents. Display last lines of the DFW packet log file. | `get firewall packetlog last <line-count-arg>` |
| Display firewall rule statistics. | `get firewall rule-stats` |
| Display total firewall rule statistics. | `get firewall rule-stats total` |
| Display the summary of firewall rules. | `get firewall rules` |
| Display the firewall status. | `get firewall status` |
| Get the firewall summary. Display the firewall summary. | `get firewall summary` |
| Display firewall active/standby configuration. Display the active/standby configuration for the firewall on the specified logical router interface. | `get firewall sync config` |
| Display firewall synchronization statistics. Display the firewall synchronization statistics in the VRF context. | `get firewall sync stats` |
| Display firewall threshold alarms. | `get firewall threshold-alarms` |
| Display firewall thresholds. | `get firewall thresholds` |
| Display firewall VIFs. | `get firewall vifs` |
| Display firewall vsipioctl fqdn entries with no debug. | `get firewall vsipioctl <vsip_commands> [<vsip_param>]` |
| Display reputation and category info about URL. | `get url-classification <url-string-arg>` |
| Set peer configuration for firewall active/standby. Set the peer configuration for active/standby configuration. This configuration happens automatically when firewall rules are added to an active/standby logical router via the NSX Manager web interface or API. This command should be used for advanced configuration or troubleshooting only. If you manually configure the active/standby peer on an edge node, you must also configure its peer. | `set firewall <dpd-uuid-firewall-port-arg> local-ip <ip-address> sync-peer <nsxa-uuid-lrouter-port-arg> sync-peer-ip <ip-address>` |
| Set mode for firewall synchronization. Set the firewall synchronization mode for active/standby configuration. This configuration happens automatically when firewall rules are added to an active/standby logical router via the NSX Manager web interface or API. This command should be used for advanced configuration or troubleshooting only. If you manually configure the active/standby sync, you must correctly configure both edge nodes in the active/standby configuration. One node must be configured as primary and one as secondary. One node must be configured as active, and one as passive. | `set firewall <dpd-uuid-firewall-port-arg> sync-rank <fw-primary-arg> sync-mode <fw-active-arg>` |
| Start firewall synchronization for the logical router interface. Start firewall synchronization for the logical router interface. Synchronization happens automatically, but you can optionally start a bulk sync to more quickly synchronize a new or restarted standby router. The sync must be started from the primary router. | `start firewall <dpd-uuid-firewall-port-arg> bulk-sync` |
| Stop firewall bulk synchronization for the logical router interface. Stop firewall bulk synchronization for the logical router interface. | `stop firewall <dpd-uuid-firewall-port-arg> bulk-sync` |