Generating the Recommended Firewall Rules

VMware Aria Operations for Networks provides APIs to generate recommended firewall rules based on flow data.
The recommended firewall rules API retrieves recommended rules from the flow traffic observed between two groups, or for a single group based on all of that group's inbound and outbound traffic. If two groups are provided, both must be of the same type. The supported group types are Application, Tier, NSXSecurityGroup, and EC2SecurityGroup. You can provide a time_range to limit the flow traffic considered when computing the recommended rules. If time_range is not provided, flow traffic from the last 24 hours is used.

Retrieve the Recommended Rules for an Application

Prerequisite
Verify that you have the entity ID of the application. Use the search service to retrieve the application entity ID from the application name.
Procedure
  1. To determine the recommended rules for the application, make a POST request with the entity ID of the application. In the following sample request, rules are computed for the application with entity ID 10000:561:1663604768.
     Request:
       POST https://operations-for-networks.example.com/api/ni/micro-seg/recommended-rules
     Request body:
       {
         "group_1": {
           "entity": {
             "entity_type": "Application",
             "entity_id": "10000:561:1663604768"
           }
         },
         "time_range": {
           "start_time": 1508993971275,
           "end_time": 1509080371275
         }
       }
     Response body:
       {
         "recommended_rules": [
           {
             "sources": [
               { "entity_id": "10000:562:1904698621", "entity_type": "Tier" }
             ],
             "destinations": [
               { "entity_id": "10000:562:1780351215", "entity_type": "Tier" }
             ],
             "protocols": [ "UDP" ],
             "port_ranges": [
               { "start": 53, "end": 53 },
               { "start": 1025, "end": 1025 }
             ],
             "action": "ALLOW"
           },
           ...
         ],
         "time_range": {
           "start_time": 1508993971275,
           "end_time": 1509080371275
         }
       }

Retrieve the Recommended Rules Between Two Tiers

Prerequisite
Ensure that you have the entity ID of Tier1 and Tier2.
Procedure
  1. To determine the recommended rules, make a POST request with the entity IDs of the tiers. In the following sample request, rules are computed for the tier with entity ID 10000:562:1904698621 and the tier with entity ID 10000:562:1780351215.
     Request:
       POST https://operations-for-networks.example.com/api/ni/micro-seg/recommended-rules
     Request body:
       {
         "group_1": {
           "entity": {
             "entity_type": "Tier",
             "entity_id": "10000:562:1904698621"
           }
         },
         "group_2": {
           "entity": {
             "entity_type": "Tier",
             "entity_id": "10000:562:1780351215"
           }
         }
       }
     Response body:
       {
         "recommended_rules": [
           {
             "sources": [
               { "entity_id": "10000:562:1904698621", "entity_type": "Tier" }
             ],
             "destinations": [
               { "entity_id": "10000:562:1780351215", "entity_type": "Tier" }
             ],
             "protocols": [ "UDP" ],
             "port_ranges": [
               { "start": 53, "end": 53 },
               { "start": 1025, "end": 1025 }
             ],
             "action": "ALLOW"
           }
         ],
         "time_range": {
           "start_time": 1508996919391,
           "end_time": 1509083319391
         }
       }
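The following Python script is an added example covering both procedures above (single application, and two tiers); it is not part of the VMware documentation or product. It builds the request body while enforcing the constraints the page states (supported group types, both groups of the same type, an explicit 24 hour window that mirrors the server default), and flattens a response into one row per source/destination/protocol/port range so the recommended rules can be reviewed before anything is pushed to a firewall. The host name is the page's placeholder; the authorization header scheme and the sample response are assumptions constructed for the example.

```python
import json
import time
import urllib.request

# Group types the recommended-rules API accepts (from the documentation).
SUPPORTED_GROUP_TYPES = {"Application", "Tier", "NSXSecurityGroup", "EC2SecurityGroup"}

# Endpoint from the documentation; the host is the page's placeholder.
BASE_URL = "https://operations-for-networks.example.com"
RULES_PATH = "/api/ni/micro-seg/recommended-rules"


def group(entity_type, entity_id):
    """Build one group object in the shape the API expects, rejecting unsupported types."""
    if entity_type not in SUPPORTED_GROUP_TYPES:
        raise ValueError(f"unsupported group type: {entity_type}")
    return {"entity": {"entity_type": entity_type, "entity_id": entity_id}}


def build_request(group_1, group_2=None, time_range=None):
    """Assemble the request body and enforce the documented constraints."""
    if group_2 is not None:
        t1 = group_1["entity"]["entity_type"]
        t2 = group_2["entity"]["entity_type"]
        if t1 != t2:
            raise ValueError(f"both groups must share a type, got {t1} and {t2}")
    body = {"group_1": group_1}
    if group_2 is not None:
        body["group_2"] = group_2
    if time_range is not None:
        if time_range["start_time"] >= time_range["end_time"]:
            raise ValueError("time_range start_time must be before end_time")
        body["time_range"] = time_range
    return body


def last_24h_range(now_ms=None):
    """Explicit 24 hour window in milliseconds since the epoch (what the server uses when time_range is omitted)."""
    end = int(time.time() * 1000) if now_ms is None else now_ms
    return {"start_time": end - 24 * 3600 * 1000, "end_time": end}


def flatten_rules(response):
    """Expand nested recommended_rules into (src, dst, proto, port_start, port_end, action) rows."""
    rows = []
    for rule in response.get("recommended_rules", []):
        for src in rule["sources"]:
            for dst in rule["destinations"]:
                for proto in rule["protocols"]:
                    for pr in rule["port_ranges"]:
                        rows.append((src["entity_id"], dst["entity_id"], proto,
                                     pr["start"], pr["end"], rule["action"]))
    return rows


def post_recommended_rules(body, token, timeout=30):
    """Send the request and decode the JSON response. The token scheme is an assumption for the example."""
    req = urllib.request.Request(BASE_URL + RULES_PATH, data=json.dumps(body).encode(), method="POST")
    req.add_header("Content-Type", "application/json")
    req.add_header("Accept", "application/json")
    req.add_header("Authorization", f"NetworkInsight {token}")  # assumed header scheme
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample response, copied from the shape shown on the page (not live data).
SAMPLE_RESPONSE = {
    "recommended_rules": [
        {
            "sources": [{"entity_id": "10000:562:1904698621", "entity_type": "Tier"}],
            "destinations": [{"entity_id": "10000:562:1780351215", "entity_type": "Tier"}],
            "protocols": ["UDP"],
            "port_ranges": [{"start": 53, "end": 53}, {"start": 1025, "end": 1025}],
            "action": "ALLOW",
        }
    ],
    "time_range": {"start_time": 1508996919391, "end_time": 1509083319391},
}


if __name__ == "__main__":
    body = build_request(group("Tier", "10000:562:1904698621"),
                         group("Tier", "10000:562:1780351215"),
                         last_24h_range())
    print(json.dumps(body, indent=2))
    for row in flatten_rules(SAMPLE_RESPONSE):
        print(row)
```

Reviewing the flattened rows is the useful step: a recommendation derived from 24 hours of flows only covers traffic that happened to occur in that window, so a wider time_range (or a comparison of several windows) is a sensible check before the ALLOW rules are applied.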

Export the Recommended Rules for an Application in the NSX Compatible Format

You can also export the recommended firewall rules and security groups in NSX compatible format as a ZIP file using this API.
Prerequisite
Ensure that you have the entity ID of the application. Use the search service to fetch the application ID from the name.
Procedure
  1. To determine the recommended rules for the application, make a POST request using the application entity ID.
    For example:
     Request:
       POST https://operations-for-networks.example.com/api/ni/micro-seg/recommended-rule/nsx
     Request header:
       Accept-Type: "application/octet-stream"
     Request body:
       {
         "group_1": {
           "entity": {
             "entity_type": "Application",
             "entity_id": "10000:561:1663604768"
           }
         },
         "time_range": {
           "start_time": 1508993971275,
           "end_time": 1509080371275
         }
       }
     Response:
       ZIP file containing the NSX artifacts.

Export the Recommended Rules Between Two Tiers in the NSX Compatible Format

Prerequisite
Ensure that you have the entity ID of Tier1 and Tier2.
Procedure
  1. To determine the recommended rules, make a POST request with the entity IDs of the tiers.
     For example:
     Request:
       POST https://operations-for-networks.example.com/api/ni/micro-seg/recommended-rule/nsx
     Request header:
       Accept-Type: "application/octet-stream"
     Request body:
       {
         "group_1": {
           "entity": {
             "entity_type": "Tier",
             "entity_id": "10000:562:1904698621"
           }
         },
         "group_2": {
           "entity": {
             "entity_type": "Tier",
             "entity_id": "10000:562:1780351215"
           }
         }
       }
     Response:
       ZIP file containing the NSX artifacts.
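The following Python functions are an added example for both export procedures above; they are not part of the VMware documentation or product. They produce the headers and body for the NSX export variant of the API (using the Accept-Type header exactly as the page shows it) and validate the returned archive before it is handed to NSX: the bytes must be a well-formed ZIP, every member must pass the CRC check, and no member may carry an absolute or parent-relative path that could escape the extraction directory. The archive contents used in the test are constructed placeholders, not real NSX artifacts.

```python
import io
import zipfile

# Export endpoint from the documentation; the host is the page's placeholder.
BASE_URL = "https://operations-for-networks.example.com"
NSX_EXPORT_PATH = "/api/ni/micro-seg/recommended-rule/nsx"


def nsx_export_request(entity_type, entity_id, second_entity_id=None, time_range=None):
    """Return (headers, body) for the NSX-format export. A second ID must be of the same type."""
    headers = {
        "Content-Type": "application/json",
        "Accept-Type": "application/octet-stream",  # header name as shown on the page
    }
    body = {"group_1": {"entity": {"entity_type": entity_type, "entity_id": entity_id}}}
    if second_entity_id is not None:
        body["group_2"] = {"entity": {"entity_type": entity_type, "entity_id": second_entity_id}}
    if time_range is not None:
        body["time_range"] = time_range
    return headers, body


def inspect_nsx_export(zip_bytes):
    """Validate the downloaded archive and return its member names, or raise ValueError."""
    buf = io.BytesIO(zip_bytes)
    if not zipfile.is_zipfile(buf):
        # A JSON error body or an HTML login page is the usual cause of a non-ZIP response.
        raise ValueError("response is not a ZIP archive; inspect the raw body for an API error")
    with zipfile.ZipFile(buf) as zf:
        corrupt = zf.testzip()  # CRC check of every member
        if corrupt is not None:
            raise ValueError(f"corrupt archive member: {corrupt}")
        names = zf.namelist()
        for name in names:
            # Refuse entries that would extract outside the target directory.
            if name.startswith(("/", "\\")) or ".." in name.replace("\\", "/").split("/"):
                raise ValueError(f"unsafe path in archive: {name}")
        return names


def constructed_sample_zip():
    """Build an in-memory ZIP with placeholder content so the validation runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("rules.xml", "<placeholder/>")  # constructed placeholder, not an NSX artifact
        zf.writestr("security_groups.xml", "<placeholder/>")  # constructed placeholder
    return buf.getvalue()


if __name__ == "__main__":
    headers, body = nsx_export_request("Tier", "10000:562:1904698621", "10000:562:1780351215")
    print(headers, body)
    print(inspect_nsx_export(constructed_sample_zip()))
```

When wiring this to a real call, post the body with the returned headers to BASE_URL + NSX_EXPORT_PATH and pass the raw response bytes to inspect_nsx_export before writing the file to disk; a non-ZIP response is far more often an authentication or validation error than a product fault.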