Reset VMware NSX-V DFW to Default Setting via NSX REST API with Python

I’ve been playing with the VMware NSX-V 6.2 REST API using both a browser-based REST API client and Python. While I was exploring different methods, I deleted the default NSX-V Distributed Firewall (DFW) L3 section via a REST API call within Python. Unfortunately, this prevents me from adding any rules to the NSX-V DFW, since rules must be added to a section, and I deleted the default DFW L3 section. The only way to add another section through the VMware vSphere Web Client is to right-click an existing section and select “Add section.” However, since the default section was the only one I had and I deleted it, this is no longer an option.

The Python code I used to delete the default NSX-V DFW L3 section is shown below. You can download the Python script and other NSX Python scripts from my GitHub site or directly from the Downloads section of this site (direct link here).

Python script to delete VMware NSX DFW section

As you can see from the below screenshot of vSphere Web Client, the default VMware NSX DFW L3 section has been deleted and, as a consequence, all buttons to add or edit rules have been automatically grayed out.

VMware NSX-V DFW default L3 section deleted

The fix for this is to reset the DFW to the default setting. Note that this fix could also be used in other situations, such as when a user has accidentally locked himself out of vCenter and DFW GUI management access via a DFW rule. Unfortunately, there is no GUI feature within vSphere Web Client that provides this option. However, the issue can be resolved via an NSX REST API call. Below is the Python code I used to reset the DFW to the default setting. You can download the Python script and other NSX Python scripts from my GitHub site or directly from the Downloads section of this site (direct link here).

Python script sets VMware NSX DFW to default setting

As you can see from the below screenshot of vSphere Web Client, the default setting for VMware NSX DFW is back. The VMware NSX L3 section and default rules have been recreated.

Default setting for VMware NSX DFW
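
An added sketch of the reset described above (not the author's script, which is not reproduced on this page): it saves the current DFW configuration first, because the reset discards every existing section and rule, and it refuses to reset if that backup fails. `DELETE /api/4.0/firewall/globalroot-0/config` is the NSX-V API call that restores the default configuration; the manager hostname, credentials, backup path and the `send` hook are assumptions for illustration.

```python
import base64
import ssl
import urllib.request

# NSX-V DFW configuration resource; GET returns the config, DELETE restores defaults.
DFW_CONFIG_PATH = "/api/4.0/firewall/globalroot-0/config"


def build_request(manager, user, password, method):
    """Build an HTTP Basic authenticated request for the DFW config resource."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"https://{manager}{DFW_CONFIG_PATH}", method=method)
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Accept", "application/xml")
    return req


def reset_dfw(manager, user, password, backup_path, send=None, cafile=None):
    """Save the current DFW config to backup_path, then reset DFW to defaults.

    `send` is a hypothetical hook (request -> (status, body bytes)) so the flow
    can be exercised without a live NSX Manager; by default urllib is used.
    """
    if send is None:
        # Verify the NSX Manager certificate; pass cafile for a private CA.
        ctx = ssl.create_default_context(cafile=cafile)

        def send(req):
            with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
                return resp.status, resp.read()

    # Step 1: back up. A failed or empty backup aborts before anything is changed.
    status, body = send(build_request(manager, user, password, "GET"))
    if status != 200 or not body:
        raise RuntimeError(f"backup failed (HTTP {status}); DFW not reset")
    with open(backup_path, "wb") as fh:
        fh.write(body)

    # Step 2: reset the DFW to its default sections and rules.
    status, _ = send(build_request(manager, user, password, "DELETE"))
    if status not in (200, 204):
        raise RuntimeError(f"reset failed (HTTP {status}); backup is at {backup_path}")
    return status


if __name__ == "__main__":
    import getpass, sys
    mgr, usr, out = sys.argv[1:4]  # e.g. nsxmgr.example.test admin dfw-backup.xml
    print(reset_dfw(mgr, usr, getpass.getpass(), out))
```

The password is prompted for rather than passed on the command line, which keeps it out of shell history and process listings.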



Follow me on Twitter: @Humair_Ahmed
