NSX DFW Universal Artifacts

It is easy to manage objects in universal security groups across the various VMware vCenter and NSX deployments. VMware Aria Operations for Networks supports the generation and the import of the universal artifacts for the Application and Tier groups only. With the universal security groups, it becomes easy to deploy and manage the firewall rules in cross VMware vCenter scenarios. Ensure that you import the universal artifacts on the primary NSX manager. You can manage the membership of the universal security group only through the primary NSX manager.
A universal security group can consist of:
  • Other universal groups
  • Universal IP sets
  • Universal security tags
When you export the rules as XML, in addition to the NSX manager specific folders, a universal folder is created which consists of the NSX DFW universal artifacts. The corresponding universal security groups, universal IP sets, universal security tags, and universal DFW firewall rules are created after importing the NSX DFW universal artifacts.
  • The universal security tag is supported in only active-standby mode.
  • The universal IP set is supported in both active-active and active-standby modes.
You can create a universal IP set or a universal security tag based on your requirement. If you create the universal security tag, you can map the application VM to the security tag. Otherwise, the universal IP set is used.
You can use the following flags in the import tool:
| Flag Name | Description |
|-----------|-------------|
| -uni | To import artifacts from the universal folder. |
| -utag | To import the universal artifacts with the universal security tags in the membership of the universal security groups. |
| -log | To create rules in which logging is enabled. This flag is not specific to the universal option. |