I’ve been playing with the VMware NSX-V 6.2 REST API using both a browser-based REST API client and Python. While I was exploring different methods, I deleted the default NSX-V Distributed Firewall (DFW) L3 section via a REST API call within Python. Unfortunately, this prevents me from adding any rules to the NSX-V DFW, since rules must be added to a section, and I deleted the default DFW L3 section. The only way to add another section through the VMware vSphere Web Client is to right-click an existing section and select “Add section”; however, since I only had the default section, which I deleted, this is no longer an option.
The Python code I used to delete the default NSX-V DFW L3 section is shown below. You can download the Python script and other NSX Python scripts from my GitHub site or directly from the Downloads section of this site (direct link here).
As you can see from the below screenshot of vSphere Web Client, the default VMware NSX DFW L3 Section has been deleted, and, in consequence, all buttons to add or edit rules have been automatically grayed out.
The fix for this is to reset the DFW to the default setting. Note that this fix can also be used in other situations, such as when a user has accidentally locked himself out of vCenter and DFW GUI management access via a DFW rule. Unfortunately, there is no GUI feature within the vSphere Web Client that provides this option. However, the issue can be resolved via an NSX REST API call. Below is the Python code I used to reset the DFW to the default setting. You can download the Python script and other NSX Python scripts from my GitHub site or directly from the Downloads section of this site (direct link here).
As you can see from the below screenshot of vSphere Web Client, the default setting for VMware NSX DFW is back. VMware NSX L3 Section and default rules have been recreated.
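The following is an added example, not the script from this post: a guarded version of the reset that first exports the current DFW configuration to a backup file and only issues the reset when no L3 section is left, because the reset replaces every existing rule with the defaults. It assumes the global configuration endpoint `/api/4.0/firewall/globalroot-0/config` from the NSX-V API guide (GET exports, DELETE restores the default configuration) and an export layout with sections under `layer3Sections`; the function names and the sample XML are constructed for illustration.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

# Global DFW configuration endpoint (assumed from the NSX-V API guide).
CONFIG_PATH = "/api/4.0/firewall/globalroot-0/config"


def dfw_request(host, user, password, method):
    """Build a GET (export) or DELETE (reset to default) request for the DFW config."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}{CONFIG_PATH}",
        method=method,
        headers={"Authorization": f"Basic {token}", "Accept": "application/xml"},
    )


def l3_section_names(config_xml):
    """Return the names of all L3 sections in an exported firewallConfiguration."""
    root = ET.fromstring(config_xml)
    return [s.get("name") for s in root.findall("./layer3Sections/section")]


def reset_if_no_l3_section(host, user, password, backup_path, send=urllib.request.urlopen):
    """Export the config, save it, and reset only when no L3 section is left.

    The reset replaces every existing rule with the defaults, so it is skipped
    while any L3 section still exists. `send` is injectable for offline testing.
    """
    with send(dfw_request(host, user, password, "GET")) as resp:
        config_xml = resp.read()
    with open(backup_path, "wb") as fh:  # keep a copy before any change
        fh.write(config_xml)
    if l3_section_names(config_xml):
        return False  # sections exist: leave the DFW alone
    with send(dfw_request(host, user, password, "DELETE")):
        return True


# Constructed sample of an export after the default L3 section was deleted.
SAMPLE_EMPTY = b"""<firewallConfiguration>
  <contextId>globalroot-0</contextId>
  <layer3Sections/>
  <layer2Sections><section id="1001" name="Default Section Layer2"/></layer2Sections>
</firewallConfiguration>"""
```

The default `send` verifies the NSX Manager certificate against the system trust store; for a manager with a private CA, pass an opener built with an `ssl` context that trusts that CA.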