Configuring SNMP traps for the vCenter Server

Steps to configure the vCenter Server to generate SNMP traps:

A. In the Home page of vSphere Client
B. Select vCenter Server Settings
C. Select SNMP configuration
D. Enable one of the SNMP receivers
E. Provide the details for:

  • Receiver URL: Provide the host name of the Management Server (the target SNMP server or monitoring tool) that the VMware vCenter Server will connect to. The vCenter Server sends its SNMP traps to this Management Server.
  • Configure port 162 as the SNMP port.
  • Community String: Provide the community string (the default string is "public"). SNMP versions v1/v2/v3 are supported.

That is all that is needed for the configuration. Now you need to configure an alarm for generating SNMP traps in the vCenter Server. Whenever there is a change in the environment (host state change, VM state change, etc.), the trigger fires and an alert is sent to the monitoring server.

Configure the Alarms

After you have set up the external SNMP server, vCenter Server is ready to send SNMP traps to it. There are alarms in vCenter Server that are configured to send traps by default, so your SNMP server should receive alarms as soon as the SNMP setup is in place.


  • Add an alarm to monitor the changes related to VM state and vCenter Server status, and then add the appropriate action (i.e., send a notification trap).
  • In the Home page of the VMware vSphere Client, select Hosts and Clusters and right-click the VMware vCenter Server, a data center or an individual virtual machine to set the alarm. You can set the alarm at an individual virtual machine level, at the data center level, or at the entire VMware vCenter Server level. It is recommended to set it at the VMware vCenter Server level.
  • In the General tab, provide the alarm details, with the alarm type set for monitoring virtual machines. Enter the following details:
      • Alarm Name: Provide the name of the alarm.
      • Description: Provide additional information about the alarm.
      • Alarm Type: Select Virtual Machines in the Monitor drop-down list.
  • Select the "Monitor for specific events occurring on this object, for example, VM powered On" option. Ensure that the Enable this alarm check box is selected.
  • In the Triggers tab, add the required triggers to monitor the states of the virtual machine. For example, VM created, VM migrated, VM powered on, VM powered off, VM suspended, and so on.

Provide information on when to send the notification trap.

In the Actions tab of the Alarm Settings panel, click Add to add a new action. In the Action drop-down list, select the Send a notification trap option.

That's it. You will now be able to see the alerts in the monitoring tool dashboard.

Cheers ! 
