NSX CLI Guide
Associated Commands:
| CLI Description | Command |
|---|---|
| Display the specified firewall address set: Display the specified firewall address set for the logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> addrset name <string-arg>` |
| Display all the firewall address sets: Display all the firewall address sets for the logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> addrset sets` |
| Display the specified firewall attribute set: Display the specified firewall attribute set for the logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> attrset name <string-arg>` |
| Display all the firewall attribute sets: Display all the firewall attribute sets for the logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> attrset sets` |
| Display firewall connection information: Display the firewall connections on the specified logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> connection` |
| Display the firewall connection count. | `get firewall <dpd-uuid-firewall-port-arg> connection count` |
| Display firewall connection information: Display the firewall connections on the specified logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> connection raw` |
| Display firewall connection state: Display the state of the firewall connections. | `get firewall <dpd-uuid-firewall-port-arg> connection state` |
| Display firewall interface statistics: Display firewall interface statistics for the specified logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> interface stats` |
| Display firewall active/standby configuration: Display the active/standby configuration for the firewall on the specified logical router interface. | `get firewall <dpd-uuid-firewall-port-arg> sync config` |
| Display the firewall synchronization statistics. | `get firewall <dpd-uuid-firewall-port-arg> sync stats` |
| Display the fixed timeouts for connection events. | `get firewall <dpd-uuid-firewall-port-arg> timeouts` |
| Display specific firewall L7 profile information on given Logical Router UUID. | `get firewall <dpd-uuid-lrouter-port-arg> l7-profile <uuid-string-arg>` |
| Display specific firewall L7 profile entry stats information on given Logical Router UUID. | `get firewall <dpd-uuid-lrouter-port-arg> l7-profile <uuid-string-arg> stats` |
| Display all firewall L7 profiles information on given Logical Router UUID. | `get firewall <dpd-uuid-lrouter-port-arg> l7-profiles` |
| Display all firewall L7 profile entry stats information on given Logical Router UUID. | `get firewall <dpd-uuid-lrouter-port-arg> l7-profiles stats` |
| Display IKE policy: Display IKE policy for the specified logical router interface. | `get firewall <uuid> ike policy [<rule-id>]` |
| Display firewall rules: Display firewall rules with expanded address sets for the specified logical router interface. | `get firewall <uuid> ruleset [type <rule-type>] rules [<ruleset-detail>]` |
| Display firewall rule statistics: Display firewall rule statistics for the specified logical router interface. | `get firewall <uuid> ruleset [type <rule-type>] stats` |
| Display firewall address sets. | `get firewall <vif-uuid-arg> addrsets` |
| Display firewall FQDN attribute of profiles. | `get firewall <vif-uuid-arg> fqdn` |
| Display firewall attribute profiles. | `get firewall <vif-uuid-arg> profile` |
| Display firewall rules. | `get firewall <vif-uuid-arg> ruleset rules` |
| Display firewall interfaces: Display the logical router or switch interfaces which have firewall rules. | `get firewall [logical-switch <uuid>] interfaces` |
| Display firewall addresses for the specified address set. | `get firewall addrset name <uuid-arg>` |
| Display firewall address sets for the available virtual interface. | `get firewall addrset sets` |
| Display firewall connection state: Display the state of the firewall connections in the VRF context. | `get firewall connection state` |
| Display firewall FQDN attribute of profiles. | `get firewall context-profile <context-profile-id-arg> fqdn` |
| Display firewall FQDN attribute of profiles. | `get firewall context-profiles` |
| Display firewall exclude interfaces. | `get firewall exclude` |
| Get the firewall exclusion list: Display the firewall exclusion list. | `get firewall exclude-list` |
| Display firewall exclusions. | `get firewall exclusion` |
| Display firewall interface statistics: Display firewall interface statistics for the specified logical router interface in the VRF context. | `get firewall interface stats` |
| Display firewall interfaces: Display the logical router or switch interfaces which have firewall rules. | `get firewall interfaces` |
| Display firewall sync interfaces: Display sync configuration for logical router interfaces with firewall rules. | `get firewall interfaces sync` |
| Display firewall IPFIX containers. | `get firewall ipfix-containers` |
| Display firewall IPFIX filters. | `get firewall ipfix-filters` |
| Display firewall IPFIX profile configuration. | `get firewall ipfix-profiles` |
| Display firewall IPFIX statistics. | `get firewall ipfix-stats` |
| Display specific firewall L7 profile information based on UUID. | `get firewall l7-profile <uuid-string-arg>` |
| Display specific firewall L7 profile entry stats information based on UUID. | `get firewall l7-profile <uuid-string-arg> stats` |
| Display all firewall L7 profiles information. | `get firewall l7-profiles` |
| Display all firewall L7 profile entry stats information. | `get firewall l7-profiles stats` |
| Show DFW packet log file contents: Display the contents of the DFW packet log file. | `get firewall packetlog` |
| Show last lines of DFW packet log file contents: Display last lines of the DFW packet log file. | `get firewall packetlog last <line-count-arg>` |
| Display firewall rule statistics. | `get firewall rule-stats` |
| Display total firewall rule statistics. | `get firewall rule-stats total` |
| Display the summary of firewall rules. | `get firewall rules` |
| Display the firewall status. | `get firewall status` |
| Get the firewall summary: Display the firewall summary. | `get firewall summary` |
| Display firewall active/standby configuration: Display the active/standby configuration for the firewall on the specified logical router interface. | `get firewall sync config` |
| Display firewall synchronization statistics: Display the firewall synchronization statistics in the VRF context. | `get firewall sync stats` |
| Display firewall threshold alarms. | `get firewall threshold-alarms` |
| Display firewall thresholds. | `get firewall thresholds` |
| Display firewall VIFs. | `get firewall vifs` |
| Display firewall vsipioctl FQDN entries with no debug. | `get firewall vsipioctl <vsip_commands> [<vsip_param>]` |
| Display reputation and category info about URL. | `get url-classification <url-string-arg>` |
| Set peer configuration for firewall active/standby: Set the peer configuration for active/standby configuration. This configuration happens automatically when firewall rules are added to an active/standby logical router via the NSX Manager web interface or API. This command should be used for advanced configuration or troubleshooting only. If you manually configure the active/standby peer on an edge node, you must also configure its peer. | `set firewall <dpd-uuid-firewall-port-arg> local-ip <ip-address> sync-peer <nsxa-uuid-lrouter-port-arg> sync-peer-ip <ip-address>` |
| Set mode for firewall synchronization: Set the firewall synchronization mode for active/standby configuration. This configuration happens automatically when firewall rules are added to an active/standby logical router via the NSX Manager web interface or API. This command should be used for advanced configuration or troubleshooting only. If you manually configure the active/standby sync, you must correctly configure both edge nodes in the active/standby configuration. One node must be configured as primary and one as secondary. One node must be configured as active, and one as passive. | `set firewall <dpd-uuid-firewall-port-arg> sync-rank <fw-primary-arg> sync-mode <fw-active-arg>` |
| Start firewall synchronization for the logical router interface: Synchronization happens automatically, but you can optionally start a bulk sync to more quickly synchronize a new or restarted standby router. The sync must be started from the primary router. | `start firewall <dpd-uuid-firewall-port-arg> bulk-sync` |
| Stop firewall bulk synchronization for the logical router interface. | `stop firewall <dpd-uuid-firewall-port-arg> bulk-sync` |