VMware NSX-T Data Center focuses on providing networking, security, automation, and operational simplicity for emerging application frameworks and architectures that have heterogeneous endpoint environments and technology stacks.
This document provides information about the VMware NSX T connector, which facilitates automated interactions with a VMware NSX T server using FortiSOAR™ playbooks. Add the VMware NSX T connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all the security policies for a specific domain from VMware NSX T, creating or updating the group for the specified domain in VMware NSX T, adding or removing the specified MAC addresses from the specified expression of a group in VMware NSX T, etc.
Connector Version: 1.0.0
Authored By: Community
Certified: No
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-vmware-nsx-t
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the VMware NSX T connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | The URL of the VMware NSX-T server to which you will connect and perform the automated operations. |
| Username | The username used to access the VMware NSX-T server to which you will connect and perform the automated operations. |
| Password | The password used to access the VMware NSX-T server to which you will connect and perform the automated operations. |
| Verify SSL | Select this checkbox to verify the SSL server certificate. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from release 4.10.0 onwards:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Security Policies List | Retrieves a list of all the security policies for a specific domain from VMware NSX T based on the domain ID and other input parameters you have specified. | get_security_policies_list Investigation |
| Get Security Policy Details | Retrieves details of a specific security policy for a specific domain from VMware NSX T based on the domain ID and policy ID you have specified. | get_security_policy_details Investigation |
| Upsert Security Policy | Creates or Updates the security policy for the specified domain in VMware NSX T based on the domain ID, policy ID, and other input parameters you have specified. If a security policy for the given security-policy-id is not present, then the security policy object gets created, and if it is present then the security policy object gets updated, i.e. it will get completely replaced. | upsert_security_policy Miscellaneous |
| Delete Security Policy | Deletes a specific security policy, along with all the rules, from the specified domain in VMware NSX T based on the domain ID and policy ID you have specified. | delete_security_policy Miscellaneous |
| Get Groups List | Retrieves a list of groups for a specific domain from VMware NSX T based on the domain ID and other input parameters you have specified. Note: Groups can be filtered using the member_types query parameter, which returns the groups that contain the specified member types. | get_groups_list Investigation |
| Get Group Details | Retrieves details of a specific group for a specific domain from VMware NSX T based on the domain ID and group ID you have specified. | get_group_details Investigation |
| Upsert Group | Creates or Updates the group for the specified domain in VMware NSX T based on the domain ID, group ID, and other input parameters (fields) you have specified. If a group for the given group-id is not present, then the group object gets created, and if it is present then the group object gets updated, i.e. it will get completely replaced. | upsert_group Miscellaneous |
| Delete Group | Deletes a specific group from the specified domain in VMware NSX T based on the domain ID and group ID you have specified. | delete_group Miscellaneous |
| Add/Remove IP Addresses | Adds or removes the specified IP addresses from the specified expression of a group in VMware NSX T based on the domain ID, group ID, expression ID, and other input parameters you have specified. | add_remove_ip_addresses Investigation |
| Add/Remove MAC Addresses | Adds or removes the specified MAC addresses from the specified expression of a group in VMware NSX T based on the domain ID, group ID, expression ID, and other input parameters you have specified. | add_remove_mac_addresses Investigation |
| Get Rules List | Retrieves a list of all the firewall rules for a specific domain from VMware NSX T based on the domain ID, policy ID, and rule ID you have specified. | get_rules_list Investigation |
| Get Rule Details | Retrieves details of a specific firewall rule for a specific domain from VMware NSX T based on the domain ID and group ID you have specified. | get_rule_details Investigation |
| Upsert Rule | Creates or Updates the firewall rule for the specified domain and policy in VMware NSX T based on the domain ID, policy ID, rule ID, and other input parameters you have specified. If a rule for the given rule-id is not present, then the rule object gets created, and if it is present then the rule object gets updated, i.e. it will get completely replaced. | upsert_rule Miscellaneous |
| Delete Rule | Deletes a specific rule from the specified domain and policy in VMware NSX T based on the domain ID, policy ID, and rule ID you have specified. | delete_rule Miscellaneous |
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the list of security policies. |
| Include Delete Objects | Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation. |
| Include Rule Count | Select this checkbox to include the count of rules in the specified policy in the results of this operation, i.e., the rule_count field in the results gets populated with the count of rules in the particular policy. |
| Page Size | (Optional) The maximum number of results, per page, that this operation should return. |
| Sort by Field | (Optional) The name of the field based on which you want to sort the result. |
| Sort Ascending | Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort By Field parameter. |
| Cursor | (Optional) The opaque cursor to be used for getting the next page of records. |
The output contains the following populated JSON schema:
{
"sort_ascending": "",
"sort_by": "",
"result_count": "",
"results": [
{
"resource_type": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"internal_sequence_number": "",
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
]
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the details of the specified security policy. |
| Policy ID | Specify the ID of the policy whose details you want to retrieve from VMware NSX T. |
The output contains the following populated JSON schema:
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"rules": [
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"source_groups": [],
"logged": "",
"destination_groups": [],
"scope": [],
"action": "",
"services": [],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
],
"category": "",
"precedence": "",
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to create or update the specified security policy. |
| Policy ID | Specify the ID of the security policy that you want to create or update for the specified domain. |
| Display Name | (Optional) The name or identifier of the security policy that will be used to display this security policy in logs or GUI. |
| Description | (Optional) The description of the security policy that you want to create or update for the specified domain. |
| Category | The policy framework provides five pre-defined categories for classifying a security policy: "Ethernet", "Emergency", "Infrastructure", "Environment", and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies: You can choose to categorize the security policy into the available categories or can choose to leave it empty. If you leave it empty it will have the least precedence of the categories. |
| Comments | (Optional) The comments that you want to add for security policy lock or unlock. |
| Rules | (Optional) Specify an array of rules in the JSON format for the specified security policy. |
| Additional Fields | (Optional) Specify any additional fields in the JSON format for the specified security policy. |
The output contains the following populated JSON schema:
{
"status": "",
"results": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID from which you want to delete the specified security policy. |
| Policy ID | Specify the ID of the security policy that you want to delete from the specified domain. |
The output contains the following populated JSON schema:
{
"status": "",
"results": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the list of groups. |
| Include Delete Objects | Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation. |
| Member Types | (Optional) Specify comma-separated valid member types using which you want to filter the VMware NSX T groups. |
| Page Size | (Optional) The maximum number of results, per page, that this operation should return. |
| Sort by Field | (Optional) The name of the field based on which you want to sort the result. |
| Sort Ascending | Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort By Field parameter. |
| Cursor | (Optional) The opaque cursor to be used for getting the next page of records. |
The output contains the following populated JSON schema:
{
"sort_ascending": "",
"sort_by": "",
"result_count": "",
"results": [
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"expression": [
{
"resource_type": "",
"member_type": "",
"value": "",
"key": "",
"operator": "",
"_protection": ""
}
],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
]
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the details of the specified group. |
| Group ID | Specify the ID of the group whose details you want to retrieve from VMware NSX T. |
The output contains the following populated JSON schema:
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"expression": [
{
"resource_type": "",
"member_type": "",
"value": "",
"key": "",
"operator": "",
"_protection": ""
}
],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to create or update the specified group. |
| Group ID | Specify the ID of the group that you want to create or update in the specified domain. |
| Display Name | (Optional) The name or identifier of the group that will be used to display this group in logs or GUI. |
| Description | (Optional) The description of the group that you want to create or update for the specified domain. |
| Group Type | (Optional) Specify a CSV list of group types that you want to assign to the specified group. |
| State | Select the realization state that you want to assign to the specified group. You can choose between IN PROGRESS, SUCCESS, or FAILURE. |
| Expression | (Optional) Specify the array of conditional expressions for the specified group. |
| Tags | (Optional) Specify the array of tags in the JSON format (key-value pairs) for the specified group. Note: You can specify a maximum of 30 items. |
| Extended Expression | (Optional) Specify the array of extended expressions for the specified group. Extended Expressions allow additional higher-level context to be specified for grouping criteria. For example, user AD group. |
| Additional Fields | (Optional) Specify any additional fields in the JSON format for the specified group. |
The output contains the following populated JSON schema:
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"expression": [
{
"resource_type": "",
"member_type": "",
"value": "",
"key": "",
"operator": "",
"_protection": ""
}
],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
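Because Upsert Group completely replaces an existing group, a playbook step that sends only the fields it wants to change silently drops the rest, including membership expressions. The following added example (not part of the connector or its sample playbooks) compares the output of Get Group Details with a proposed upsert body and reports what the replacement would remove; the function names, the choice of ignored fields, and the sample group are constructed for illustration.

```python
import json

# Constructed sample shaped like the Get Group Details output schema above.
CURRENT_GROUP = {
    "resource_type": "Group",
    "id": "quarantine",
    "display_name": "quarantine",
    "description": "Hosts isolated by the IR playbook",
    "path": "/infra/domains/default/groups/quarantine",
    "parent_path": "/infra/domains/default",
    "relative_path": "quarantine",
    "expression": [
        {"resource_type": "Condition", "member_type": "VirtualMachine",
         "key": "Tag", "operator": "EQUALS", "value": "quarantine",
         "_protection": "NOT_PROTECTED"},
    ],
    "_create_user": "admin",
    "_revision": 4,
}

# Assumption: identity and path fields are not part of what a caller edits,
# so they are never counted as "lost" by a replacement.
IGNORED = {"id", "resource_type", "path", "parent_path", "relative_path"}
EMPTY = ("", None, [], {})


def caller_fields(obj):
    """Top-level fields a caller controls (no underscore metadata, no identity fields)."""
    return {k: v for k, v in obj.items()
            if not k.startswith("_") and k not in IGNORED}


def expr_key(expr):
    """Stable identity for one expression entry, ignoring underscore metadata."""
    stripped = {k: v for k, v in expr.items() if not k.startswith("_")}
    return json.dumps(stripped, sort_keys=True)


def replacement_losses(current, proposed):
    """Report what replacing `current` with `proposed` would remove.

    current  -- dict as returned by Get Group Details
    proposed -- dict describing the group the playbook is about to upsert
    """
    cur, new = caller_fields(current), caller_fields(proposed)
    dropped_fields = sorted(
        k for k, v in cur.items()
        if k != "expression" and v not in EMPTY and new.get(k) in EMPTY
    )
    kept = {expr_key(e) for e in new.get("expression") or []}
    dropped_expressions = [
        e for e in cur.get("expression") or [] if expr_key(e) not in kept
    ]
    return {"dropped_fields": dropped_fields,
            "dropped_expressions": dropped_expressions}


def carry_over(current, proposed):
    """Build an upsert body: existing caller-controlled fields, then the
    non-empty fields of `proposed` on top. A proposed `expression` list is
    used as given, so run replacement_losses() on the result as well."""
    body = caller_fields(current)
    body["expression"] = [
        {k: v for k, v in e.items() if not k.startswith("_")}
        for e in current.get("expression") or []
    ]
    body.update({k: v for k, v in proposed.items() if v not in EMPTY})
    return body


if __name__ == "__main__":
    change = {"display_name": "quarantine-hosts"}
    print("naive upsert would drop:", replacement_losses(CURRENT_GROUP, change))
    safe = carry_over(CURRENT_GROUP, change)
    print("merged upsert would drop:", replacement_losses(CURRENT_GROUP, safe))
```

The same comparison applies to Upsert Security Policy and Upsert Rule, which the operations table describes with the same replace behaviour.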
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID from which you want to delete the specified group. |
| Group ID | Specify the ID of the group that you want to delete from the specified domain. |
The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID in which you want to add or remove the specified IP addresses. |
| Group ID | Specify the group ID in which you want to add or remove the specified IP addresses. |
| Expression ID | Specify the ID of the Expression in which you want to add or remove the specified IP addresses. |
| Action | Select the action that you want to perform, i.e., Add or Remove. The Action parameter determines whether to add or remove the IP addresses. |
| IP Addresses | Specify a CSV list of IP addresses that you want to add or remove from the specified expression of a group in VMware NSX T. |
The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID in which you want to add or remove the specified MAC addresses. |
| Group ID | Specify the group ID in which you want to add or remove the specified MAC addresses. |
| Expression ID | Specify the ID of the Expression in which you want to add or remove the specified MAC addresses. |
| Action | Select the action that you want to perform, i.e., Add or Remove. The Action parameter determines whether to add or remove the MAC addresses. |
| MAC Addresses | Specify a CSV list of MAC addresses that you want to add or remove from the specified expression of a group in VMware NSX T. |
The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the list of firewall rules. |
| Policy ID | Specify the policy ID whose rules you want to retrieve from VMware NSX T. |
| Include Delete Objects | Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation. |
| Page Size | (Optional) The maximum number of results, per page, that this operation should return. |
| Sort by Field | (Optional) The name of the field based on which you want to sort the result. |
| Sort Ascending | Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort by Field parameter. |
| Cursor | (Optional) The opaque cursor to be used for getting the next page of records. |
The output contains the following populated JSON schema:
{
"sort_ascending": "",
"sort_by": "",
"result_count": "",
"results": [
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"source_groups": [],
"logged": "",
"destination_groups": [],
"scope": [],
"action": "",
"services": [],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
]
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the details of the specified firewall rules. |
| Policy ID | Specify the policy ID for which you want to retrieve the details of the specified firewall rules. |
| Rule ID | Specify the ID of the rule whose details you want to retrieve from VMware NSX T. |
The output contains the following populated JSON schema:
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"source_groups": [],
"logged": "",
"destination_groups": [],
"scope": [],
"action": "",
"services": [],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to create or update the specified rule. |
| Policy ID | Specify the policy ID for which you want to create or update the specified rule. |
| Rule ID | Specify the ID of the rule that you want to create or update in the specified domain and policy. |
| Display Name | (Optional) The name or identifier of the rule that will be used to display this rule in logs or GUI. |
| Description | (Optional) The description of the rule that you want to create or update in the specified domain and policy. |
| Source Group Paths | (Optional) Specify a CSV list of source group paths for the specified rule. |
| Destination Groups Paths | (Optional) Specify a CSV list of destination group paths for the specified rule. Paths are required since duplicate names might exist for groups in different domains. Along with paths, IP addresses of types IPv4 and IPv6 are also supported. IP addresses can be in one of the following formats: CIDR, IP Address, or Range of IP addresses. Note: To specify all groups, use the constant "ANY" (case insensitive). If "ANY" is used, it should be the ONLY element in the group array. |
| Logged | Select this checkbox to enable packet logging for the specified rule. |
| Disabled | Select this checkbox to disable the rule. By default, this checkbox is unchecked, i.e., the rule is enabled. |
| Scope | (Optional) Specify a CSV list of policy paths where the specified rule is to be applied. Note: A given rule can be applied on multiple LRs/LRPs. |
| Action | Select the action to be applied to all the services of the rule that you want to create or update. You can choose between ALLOW, DROP, REJECT, or JUMP_TO_APPLICATION. The JUMP_TO_APPLICATION action is supported only for rules created in the "Environment" category. Once a match is hit then the rule processing jumps to the rules present in the "Application" category, skipping all further rules in the "Environment" category. If the rules do not match in the "Application" category, then the default application rule will be hit. This is applicable only for DFW. |
| Notes | (Optional) Specify additional notes for changes made for the specified rule. |
| Tags | (Optional) Specify the array of tags in the JSON format (key-value pairs) for the specified rule. Note: You can specify a maximum of 30 items. |
| Additional Fields | (Optional) Specify any additional fields in the JSON format for the specified rule. |
The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}
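When a playbook fills Source Group Paths or Destination Groups Paths from alert data, checking the CSV before calling Upsert Rule keeps a malformed indicator or a stray "ANY" from widening a firewall rule. The following added example (not part of the connector) validates a CSV value against the formats listed in the Destination Groups Paths description; the function names are hypothetical, and treating any element that starts with "/" as a group path and "a-b" as the range syntax are assumptions.

```python
import ipaddress


def classify_entry(entry):
    """Return the kind of one CSV element: any, path, range, cidr or ip.

    Raises ValueError when the element matches none of the accepted formats.
    """
    item = entry.strip()
    if not item:
        raise ValueError("empty element")
    if item.upper() == "ANY":          # the constant is case insensitive
        return "any"
    if item.startswith("/"):           # assumption: group paths start with "/"
        return "path"
    if "-" in item:                    # assumption: ranges are written "low-high"
        low_text, _, high_text = item.partition("-")
        low = ipaddress.ip_address(low_text.strip())
        high = ipaddress.ip_address(high_text.strip())
        if low.version != high.version:
            raise ValueError("range mixes IPv4 and IPv6")
        if low > high:
            raise ValueError("range start is above range end")
        return "range"
    if "/" in item:
        ipaddress.ip_network(item, strict=False)
        return "cidr"
    ipaddress.ip_address(item)
    return "ip"


def validate_group_csv(csv_value):
    """Validate a Source/Destination group CSV value.

    Returns (entries, errors): entries is a list of (element, kind) for the
    elements that parsed, errors is a list of human-readable problems. An
    empty errors list means the value is safe to pass to Upsert Rule.
    """
    raw_items = csv_value.split(",")
    entries, errors = [], []
    for raw in raw_items:
        try:
            entries.append((raw.strip(), classify_entry(raw)))
        except ValueError as exc:
            errors.append(f"{raw.strip()!r}: {exc}")
    # "ANY" is only valid as the sole element of the list.
    if any(kind == "any" for _, kind in entries) and len(raw_items) > 1:
        errors.append('"ANY" must be the only element')
    return entries, errors


if __name__ == "__main__":
    # Constructed sample values.
    samples = [
        "/infra/domains/default/groups/web-tier, 10.0.0.0/24, 2001:db8::1",
        "192.0.2.10-192.0.2.20",
        "any, 10.0.0.1",
        "10.0.0.300",
    ]
    for sample in samples:
        print(sample, "->", validate_group_csv(sample))
```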
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID from which you want to delete the specified rule. |
| Policy ID | Specify the policy ID from which you want to delete the specified rule. |
| Rule ID | Specify the ID of the rule that you want to delete from the specified domain and policy. |
The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}
The Sample - VMware NSX T - 1.0.0 playbook collection comes bundled with the VMware NSX T connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the VMware NSX T connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
VMware NSX-T Data Center focuses on providing networking, security, automation, and operational simplicity for emerging application frameworks and architectures that have heterogeneous endpoint environments and technology stacks.
This document provides information about the VMware NSX T connector, which facilitates automated interactions, with a VMware NSX T server using FortiSOAR™ playbooks. Add the VMware NSX T connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all the security policies for a specific domain from VMware NSX T, creating or updating the group for the specified domain in VMware NSX T, adding or removing the specified MAC addresses from the specified expression of a group in VMware NSX T, etc.
Connector Version: 1.0.0
Authored By: Community
Certified: No
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-vmware-nsx-t
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the VMware NSX T connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | The URL of the VMware NSX-T server to which you will connect and perform the automated operations. |
| Username | The username used to access the VMware NSX-T server to which you will connect and perform the automated operations. |
| Password | The password used to access the VMware NSX-T server to which you will connect and perform the automated operations. |
| Verify SSL | Select this checkbox to verify the SSL server certificate. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from release 4.10.0 onwards:
| Function | Description | Annotation and Category |
|---|---|---|
| Get Security Policies List | Retrieves a list of all the security policies for a specific domain from VMware NSX T based on the domain ID and other input parameters you have specified. | get_security_policies_list Investigation |
| Get Security Policy Details | Retrieves details of a specific security policy for a specific domain from VMware NSX T based on the domain ID and policy ID you have specified. | get_security_policy_details Investigation |
| Upsert Security Policy | Creates or Updates the security policy for the specified domain in VMware NSX T based on the domain ID, policy ID, and other input parameters you have specified. If a security policy for the given security-policy-id is not present, then the security policy object gets created, and if it is present then the security policy object gets updated, i.e. it will get completely replaced. |
upsert_security_policy Miscellaneous |
| Delete Security Policy | Deletes a specific security policy, along with all the rules, from the specified domain in VMware NSX T based on the domain ID and policy ID you have specified. | delete_security_policy Miscellaneous |
| Get Groups List | Retrieves a list of groups for a specific domain from VMware NSX T based on the domain ID and other input parameters you have specified. Note: Groups can be filtered using the member_types query parameter, which returns the groups that contain the specified member types. |
get_groups_list Investigation |
| Get Group Details | Retrieves details of a specific group for a specific domain from VMware NSX T based on the domain ID and group ID you have specified. | get_group_details Investigation |
| Upsert Group | Creates or Updates the group for the specified domain in VMware NSX T based on the domain ID, group ID, and other input parameters (fields) you have specified. If a group for the given group-id is not present, then the group object gets created, and if it is present then the group object gets updated, i.e. it will get completely replaced. |
upsert_group Miscellaneous |
| Delete Group | Deletes a specific group from the specified domain in VMware NSX T based on the domain ID and group ID you have specified. | delete_group Miscellaneous |
| Add/Remove IP Addresses | Adds or removes the specified IP addresses from the specified expression of a group in VMware NSX T based on the domain ID, group ID, expression ID, and other input parameters you have specified. | add_remove_ip_addresses Investigation |
| Add/Remove MAC Addresses | Adds or removes the specified MAC addresses from the specified expression of a group in VMware NSX T based on the domain ID, group ID, expression ID, and other input parameters you have specified. | add_remove_mac_addresses Investigation |
| Get Rules List | Retrieves a list of all the firewall rules for a specific domain from VMware NSX T based on the domain ID, policy ID, and rule ID you have specified. | get_rules_list Investigation |
| Get Rule Details | Retrieves details of a specific firewall for a specific domain from VMware NSX T based on the domain ID and group ID you have specified. | get_rule_details Investigation |
| Upsert Rule | Creates or Updates the firewall rule for the specified domain and policy in VMware NSX T based on the domain ID, policy ID, rule ID, and other input parameters you have specified. If a group for the given rule-id is not present, then the rule object gets created, and if it is present then the rule object gets updated, i.e. it will get completely replaced. |
upsert_rule Miscellaneous |
| Delete Rule | Deletes a specific rule from the specified domain and policy in VMware NSX T based on the domain ID, policy ID, and rule ID you have specified. | delete_rule Miscellaneous |
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the list of security policies. |
| Include Delete Objects | Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation. |
| Include Rule Count | Select this checkbox to include the count of rules in the specified policy in the results of this operation, i.e., the rule_count field in the results gets populated with the count of rules in the particular policy. |
| Page Size | (Optional) The maximum number of results, per page, that this operation should return. |
| Sort by Field | (Optional) The name of the field based on which you want to sort the result. |
| Sort Ascending | Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort By Field parameter. |
| Cursor | (Optional) The opaque cursor to be used for getting the next page of records. |
The output contains the following populated JSON schema:
{
"sort_ascending": "",
"sort_by": "",
"result_count": "",
"results": [
{
"resource_type": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"internal_sequence_number": "",
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
]
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the details of the specified security policy. |
| Policy ID | Specify the ID of the policy whose details you want to retrieve from VMware NSX T. |
The output contains the following populated JSON schema:
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"rules": [
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"source_groups": [],
"logged": "",
"destination_groups": [],
"scope": [],
"action": "",
"services": [],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
],
"category": "",
"precedence": "",
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to create or update the specified security policy. |
| Policy ID | Specify the ID of the security policy that you want to create or update for the specified domain. |
| Display Name | (Optional) The name or identifier of the security policy that will be used to display this security policy in logs or GUI. |
| Description | (Optional) The description of the security policy that you want to create or update for the specified domain. |
| Category |
The policy framework provides five pre-defined categories for classifying a security policy: "Ethernet", "Emergency", "Infrastructure", "Environment", and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies:
You can choose to categorize the security policy into the available categories or can choose to leave it empty. If you leave it empty it will have the least precedence of the categories. |
| Comments | (Optional) The comments that you want to add for security policy lock or unlock. |
| Rules | (Optional) Specify an array of rules in the JSON format for the specified security policy. |
| Additional Fields | (Optional) Specify any additional fields in the JSON format for the specified security policy. |
The output contains the following populated JSON schema:
{
"status": "",
"results": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID from which you want to delete the specified security policy. |
| Policy ID | Specify the ID of the security policy that you want to delete from the specified domain. |
The output contains the following populated JSON schema:
{
"status": "",
"results": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the list of groups. |
| Include Delete Objects | Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation. |
| Member Types | (Optional) Specify comma-separated valid member types using which you want to filter the VMware NSX T groups. |
| Page Size | (Optional) The maximum number of results, per page, that this operation should return. |
| Sort by Field | (Optional) The name of the field based on which you want to sort the result. |
| Sort Ascending | Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort by Field parameter. |
| Cursor | (Optional) The opaque cursor to be used for getting the next page of records. |
The output contains the following populated JSON schema:
{
  "sort_ascending": "",
  "sort_by": "",
  "result_count": "",
  "results": [
    {
      "resource_type": "",
      "description": "",
      "id": "",
      "display_name": "",
      "path": "",
      "parent_path": "",
      "relative_path": "",
      "expression": [
        {
          "resource_type": "",
          "member_type": "",
          "value": "",
          "key": "",
          "operator": "",
          "_protection": ""
        }
      ],
      "_create_user": "",
      "_create_time": "",
      "_last_modified_user": "",
      "_last_modified_time": "",
      "_system_owned": "",
      "_protection": "",
      "_revision": ""
    }
  ]
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the details of the specified group. |
| Group ID | Specify the ID of the group whose details you want to retrieve from VMware NSX T. |
The output contains the following populated JSON schema:
{
  "resource_type": "",
  "description": "",
  "id": "",
  "display_name": "",
  "path": "",
  "parent_path": "",
  "relative_path": "",
  "expression": [
    {
      "resource_type": "",
      "member_type": "",
      "value": "",
      "key": "",
      "operator": "",
      "_protection": ""
    }
  ],
  "_create_user": "",
  "_create_time": "",
  "_last_modified_user": "",
  "_last_modified_time": "",
  "_system_owned": "",
  "_protection": "",
  "_revision": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to create or update the specified group. |
| Group ID | Specify the ID of the group that you want to create or update in the specified domain. |
| Display Name | (Optional) The name or identifier of the group that will be used to display this group in logs or GUI. |
| Description | (Optional) The description of the group that you want to create or update for the specified domain. |
| Group Type | (Optional) Specify a CSV list of group types that you want to assign to the specified group. |
| State | Select the realization state that you want to assign to the specified group. You can choose between IN PROGRESS, SUCCESS, or FAILURE. |
| Expression | (Optional) Specify the array of conditional expressions for the specified group. |
| Tags | (Optional) Specify the array of tags in the JSON format (key-value pairs) for the specified group. Note: You can specify a maximum of 30 items. |
| Extended Expression | (Optional) Specify the array of extended expressions for the specified group. Extended Expressions allow additional higher-level context to be specified for grouping criteria. For example, user AD group. |
| Additional Fields | (Optional) Specify any additional fields in the JSON format for the specified group. |
The output contains the following populated JSON schema:
{
  "resource_type": "",
  "description": "",
  "id": "",
  "display_name": "",
  "path": "",
  "parent_path": "",
  "relative_path": "",
  "expression": [
    {
      "resource_type": "",
      "member_type": "",
      "value": "",
      "key": "",
      "operator": "",
      "_protection": ""
    }
  ],
  "_create_user": "",
  "_create_time": "",
  "_last_modified_user": "",
  "_last_modified_time": "",
  "_system_owned": "",
  "_protection": "",
  "_revision": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID from which you want to delete the specified group. |
| Group ID | Specify the ID of the group that you want to delete from the specified domain. |
The output contains the following populated JSON schema:
{
  "status": "",
  "result": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID in which you want to add or remove the specified IP addresses. |
| Group ID | Specify the group ID in which you want to add or remove the specified IP addresses. |
| Expression ID | Specify the ID of the Expression in which you want to add or remove the specified IP addresses. |
| Action | Select the action that you want to perform, i.e., Add or Remove. The Action parameter determines whether to add or remove the IP addresses. |
| IP Addresses | Specify a CSV list of IP addresses that you want to add or remove from the specified expression of a group in VMware NSX T. |
The output contains the following populated JSON schema:
{
  "status": "",
  "result": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID in which you want to add or remove the specified MAC addresses. |
| Group ID | Specify the group ID in which you want to add or remove the specified MAC addresses. |
| Expression ID | Specify the ID of the Expression in which you want to add or remove the specified MAC addresses. |
| Action | Select the action that you want to perform, i.e., Add or Remove. The Action parameter determines whether to add or remove the MAC addresses. |
| MAC Addresses | Specify a CSV list of MAC addresses that you want to add or remove from the specified expression of a group in VMware NSX T. |
The output contains the following populated JSON schema:
{
  "status": "",
  "result": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the list of firewall rules. |
| Policy ID | Specify the policy ID whose rules you want to retrieve from VMware NSX T. |
| Include Delete Objects | Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation. |
| Page Size | (Optional) The maximum number of results, per page, that this operation should return. |
| Sort by Field | (Optional) The name of the field based on which you want to sort the result. |
| Sort Ascending | Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort by Field parameter. |
| Cursor | (Optional) The opaque cursor to be used for getting the next page of records. |
The output contains the following populated JSON schema:
{
  "sort_ascending": "",
  "sort_by": "",
  "result_count": "",
  "results": [
    {
      "resource_type": "",
      "description": "",
      "id": "",
      "display_name": "",
      "path": "",
      "parent_path": "",
      "relative_path": "",
      "sequence_number": "",
      "source_groups": [],
      "logged": "",
      "destination_groups": [],
      "scope": [],
      "action": "",
      "services": [],
      "_create_user": "",
      "_create_time": "",
      "_last_modified_user": "",
      "_last_modified_time": "",
      "_system_owned": "",
      "_protection": "",
      "_revision": ""
    }
  ]
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to retrieve the details of the specified firewall rule. |
| Policy ID | Specify the policy ID for which you want to retrieve the details of the specified firewall rule. |
| Rule ID | Specify the ID of the rule whose details you want to retrieve from VMware NSX T. |
The output contains the following populated JSON schema:
{
  "resource_type": "",
  "description": "",
  "id": "",
  "display_name": "",
  "path": "",
  "parent_path": "",
  "relative_path": "",
  "sequence_number": "",
  "source_groups": [],
  "logged": "",
  "destination_groups": [],
  "scope": [],
  "action": "",
  "services": [],
  "_create_user": "",
  "_create_time": "",
  "_last_modified_user": "",
  "_last_modified_time": "",
  "_system_owned": "",
  "_protection": "",
  "_revision": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID for which you want to create or update the specified rule. |
| Policy ID | Specify the policy ID for which you want to create or update the specified rule. |
| Rule ID | Specify the ID of the rule that you want to create or update in the specified domain and policy. |
| Display Name | (Optional) The name or identifier of the rule that will be used to display this rule in logs or GUI. |
| Description | (Optional) The description of the rule that you want to create or update in the specified domain and policy. |
| Source Group Paths | (Optional) Specify a CSV list of source group paths for the specified rule. |
| Destination Groups Paths | (Optional) Specify a CSV list of destination group paths for the specified rule. Paths are required since duplicate names might exist for groups in different domains. Along with paths, IP addresses of types IPv4 and IPv6 are also supported. IP addresses can be in one of the following formats: CIDR, IP Address, or Range of IP addresses. Note: To specify all groups, use the constant "ANY" (case insensitive). If "ANY" is used, it should be the ONLY element in the group array. |
| Logged | Select this checkbox to enable packet logging for the specified rule. |
| Disabled | Select this checkbox to disable the rule. By default, this checkbox is unchecked, i.e., the rule is enabled. |
| Scope | (Optional) Specify a CSV list of policy paths where the specified rule is to be applied. Note: A given rule can be applied on multiple LRs/LRPs. |
| Action | Select the action to be applied to all the services of the rule that you want to create or update. You can choose between ALLOW, DROP, REJECT, or JUMP_TO_APPLICATION. The JUMP_TO_APPLICATION action is supported only for rules created in the "Environment" category. Once such a rule matches, rule processing jumps to the rules in the "Application" category, skipping all further rules in the "Environment" category. If no rule in the "Application" category matches, the default application rule is hit. This is applicable only for DFW. |
| Notes | (Optional) Specify additional notes for changes made for the specified rule. |
| Tags | (Optional) Specify the array of tags in the JSON format (key-value pairs) for the specified rule. Note: You can specify a maximum of 30 items. |
| Additional Fields | (Optional) Specify any additional fields in the JSON format for the specified rule. |
The output contains the following populated JSON schema:
{
  "status": "",
  "result": ""
}
| Parameter | Description |
|---|---|
| Domain ID | Specify the domain ID from which you want to delete the specified rule. |
| Policy ID | Specify the policy ID from which you want to delete the specified rule. |
| Rule ID | Specify the ID of the rule that you want to delete from the specified domain and policy. |
The output contains the following populated JSON schema:
{
  "status": "",
  "result": ""
}
The Sample - VMware NSX T - 1.0.0 playbook collection comes bundled with the VMware NSX T connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the VMware NSX T connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.