VMware NSX-T v1.1.0

About the connector

VMware NSX-T Data Center focuses on providing networking, security, automation, and operational simplicity for emerging application frameworks and architectures that have heterogeneous endpoint environments and technology stacks.

This document provides information about the VMware NSX-T connector, which facilitates automated interactions with a VMware NSX-T server using FortiSOAR™ playbooks. Add the VMware NSX-T connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all the security policies for a specific domain from VMware NSX-T, creating or updating the group for the specified domain in VMware NSX-T, adding or removing the specified MAC addresses from the specified expression of a group in VMware NSX-T, etc.

Version information

Connector Version: 1.1.0

Authored By: Fortinet

Certified: No

Release Notes for version 1.1.0

The following enhancements have been made to the VMware NSX-T Connector in version 1.1.0:

  • Added a new action named 'Manage VM TAG'.

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-vmware-nsx-t

Prerequisites to configuring the connector

  • You must have the URL of the VMware NSX-T server to which you will connect and perform automated operations and credentials (username-password pair) to access that server.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the VMware NSX-T server.

Minimum Permissions Required

  • Not applicable

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the VMware NSX-T connector card. On the connector popup, click the Configurations tab to enter the required configuration details:

Parameter | Description
Server URL | The URL of the VMware NSX-T server to which you will connect and perform the automated operations.
Username | The username used to access the VMware NSX-T server to which you will connect and perform the automated operations.
Password | The password used to access the VMware NSX-T server to which you will connect and perform the automated operations.
Verify SSL | Select this checkbox to verify the SSL server certificate.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:

Function | Description | Annotation and Category
Get Security Policies List | Retrieves a list of all the security policies for a specific domain from VMware NSX-T based on the domain ID and other input parameters you have specified. | get_security_policies_list, Investigation
Get Security Policy Details | Retrieves details of a specific security policy for a specific domain from VMware NSX-T based on the domain ID and policy ID you have specified. | get_security_policy_details, Investigation
Upsert Security Policy | Creates or updates the security policy for the specified domain in VMware NSX-T based on the domain ID, policy ID, and other input parameters you have specified. If a security policy for the given security-policy-id is not present, then the security policy object gets created; if it is present, then the security policy object gets updated, i.e., it gets completely replaced. | upsert_security_policy, Miscellaneous
Delete Security Policy | Deletes a specific security policy, along with all the rules, from the specified domain in VMware NSX-T based on the domain ID and policy ID you have specified. | delete_security_policy, Miscellaneous
Get Groups List | Retrieves a list of groups for a specific domain from VMware NSX-T based on the domain ID and other input parameters you have specified. Note: Groups can be filtered using the member_types query parameter, which returns the groups that contain the specified member types. | get_groups_list, Investigation
Get Group Details | Retrieves details of a specific group for a specific domain from VMware NSX-T based on the domain ID and group ID you have specified. | get_group_details, Investigation
Upsert Group | Creates or updates the group for the specified domain in VMware NSX-T based on the domain ID, group ID, and other input parameters (fields) you have specified. If a group for the given group-id is not present, then the group object gets created; if it is present, then the group object gets updated, i.e., it gets completely replaced. | upsert_group, Miscellaneous
Delete Group | Deletes a specific group from the specified domain in VMware NSX-T based on the domain ID and group ID you have specified. | delete_group, Miscellaneous
Add/Remove IP Addresses | Adds or removes the specified IP addresses from the specified expression of a group in VMware NSX-T based on the domain ID, group ID, expression ID, and other input parameters you have specified. | add_remove_ip_addresses, Investigation
Add/Remove MAC Addresses | Adds or removes the specified MAC addresses from the specified expression of a group in VMware NSX-T based on the domain ID, group ID, expression ID, and other input parameters you have specified. | add_remove_mac_addresses, Investigation
Get Rules List | Retrieves a list of all the firewall rules for a specific domain and policy from VMware NSX-T based on the domain ID, policy ID, and other input parameters you have specified. | get_rules_list, Investigation
Get Rule Details | Retrieves details of a specific firewall rule for a specific domain from VMware NSX-T based on the domain ID, policy ID, and rule ID you have specified. | get_rule_details, Investigation
Upsert Rule | Creates or updates the firewall rule for the specified domain and policy in VMware NSX-T based on the domain ID, policy ID, rule ID, and other input parameters you have specified. If a rule for the given rule-id is not present, then the rule object gets created; if it is present, then the rule object gets updated, i.e., it gets completely replaced. | upsert_rule, Miscellaneous
Delete Rule | Deletes a specific rule from the specified domain and policy in VMware NSX-T based on the domain ID, policy ID, and rule ID you have specified. | delete_rule, Miscellaneous
Manage VM TAG | Adds, updates, or deletes tags for a specific Virtual Machine (VM) based on the external ID of the VM, tag, scope, and action you have specified. | manage_vm_tag, Miscellaneous

operation: Get Security Policies List

Input parameters

Parameter | Description
Domain ID | Specify the domain ID for which you want to retrieve the list of security policies.
Include Delete Objects | Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation.
Include Rule Count | Select this checkbox to include the count of rules in the specified policy in the results of this operation, i.e., the rule_count field in the results gets populated with the count of rules in the particular policy.
Page Size | (Optional) The maximum number of results, per page, that this operation should return.
Sort by Field | (Optional) The name of the field based on which you want to sort the result.
Sort Ascending | Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort By Field parameter.
Cursor | (Optional) The opaque cursor to be used for getting the next page of records.

Output

The output contains the following populated JSON schema:
{
"sort_ascending": "",
"sort_by": "",
"result_count": "",
"results": [
{
"resource_type": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"internal_sequence_number": "",
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
]
}

operation: Get Security Policy Details

Input parameters

Parameter | Description
Domain ID | Specify the domain ID for which you want to retrieve the details of the specified security policy.
Policy ID | Specify the ID of the policy whose details you want to retrieve from VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"rules": [
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"source_groups": [],
"logged": "",
"destination_groups": [],
"scope": [],
"action": "",
"services": [],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
],
"category": "",
"precedence": "",
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}

operation: Upsert Security Policy

Input parameters

Parameter | Description
Domain ID | Specify the domain ID for which you want to create or update the specified security policy.
Policy ID | Specify the ID of the security policy that you want to create or update for the specified domain.
Display Name | (Optional) The name or identifier of the security policy that will be used to display this security policy in logs or GUI.
Description | (Optional) The description of the security policy that you want to create or update for the specified domain.
Category | The policy framework provides five pre-defined categories for classifying a security policy: "Ethernet", "Emergency", "Infrastructure", "Environment", and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. The "Ethernet" category is for supporting layer 2 firewall rules. The other four categories are applicable to layer 3 rules. Amongst them, the "Emergency" category has the highest priority followed by "Infrastructure", "Environment", and then "Application". You can choose to categorize the security policy into the available categories or can choose to leave it empty. If you leave it empty it will have the least precedence of the categories.
Comments | (Optional) The comments that you want to add for security policy lock or unlock.
Rules | (Optional) Specify an array of rules in the JSON format for the specified security policy.
Additional Fields | (Optional) Specify any additional fields in the JSON format for the specified security policy.

Output

The output contains the following populated JSON schema:
{
"status": "",
"results": ""
}
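
Because an upsert completely replaces an existing security policy object, a playbook can compare the current policy with the replacement before applying it. The following is an added example, not connector or sample-playbook code; it assumes the Rules array sent with the upsert becomes the policy's entire rule set, and every policy ID, rule ID, and path in it is constructed sample data.

```python
# Added example: pre-flight diff for the Upsert Security Policy action.
# Assumption: the Rules array sent with the upsert becomes the whole rule set.

COMPARED_FIELDS = ("action", "source_groups", "destination_groups",
                   "services", "scope", "logged", "sequence_number")
BLOCKING_ACTIONS = {"DROP", "REJECT"}


def index_rules(rules, label):
    """Map rule id -> rule, rejecting entries that cannot be matched up."""
    indexed = {}
    for rule in rules:
        rule_id = rule.get("id")
        if not rule_id:
            raise ValueError(f"{label} rule without an 'id': {rule!r}")
        if rule_id in indexed:
            raise ValueError(f"{label} rule id {rule_id!r} appears twice")
        indexed[rule_id] = rule
    return indexed


def replacement_impact(current_policy, proposed_rules):
    """Report what replacing the policy's rules with proposed_rules changes.

    current_policy is shaped like the Get Security Policy Details output;
    proposed_rules is the array intended for the Rules parameter.
    """
    current = index_rules(current_policy.get("rules", []), "current")
    proposed = index_rules(proposed_rules, "proposed")

    dropped = sorted(set(current) - set(proposed))
    added = sorted(set(proposed) - set(current))
    changed, omitted = {}, {}
    for rule_id in sorted(set(current) & set(proposed)):
        old, new = current[rule_id], proposed[rule_id]
        # Fields whose value differs between the stored and proposed rule.
        diffs = {f: (old.get(f), new[f]) for f in COMPARED_FIELDS
                 if f in new and new[f] != old.get(f)}
        # Fields the stored rule has but the replacement leaves out.
        missing = [f for f in COMPARED_FIELDS if f in old and f not in new]
        if diffs:
            changed[rule_id] = diffs
        if missing:
            omitted[rule_id] = missing

    # A blocking rule that disappears or stops blocking loosens the policy.
    loosened = [r for r in dropped
                if current[r].get("action") in BLOCKING_ACTIONS]
    loosened += [r for r, d in changed.items()
                 if "action" in d
                 and d["action"][0] in BLOCKING_ACTIONS
                 and d["action"][1] not in BLOCKING_ACTIONS]
    return {"dropped": dropped, "added": added, "changed": changed,
            "omitted_fields": omitted, "loosened": sorted(loosened)}


# --- Constructed sample data (not taken from a real NSX-T deployment) ---
WEB = "/infra/domains/default/groups/web"
QUARANTINE = "/infra/domains/default/groups/quarantine"


def sample_rule(rule_id, action, **fields):
    """Build a rule dict with the fields listed in the output schema."""
    base = {"id": rule_id, "action": action, "source_groups": ["ANY"],
            "destination_groups": [WEB], "services": ["ANY"],
            "scope": ["ANY"], "logged": False, "sequence_number": 10}
    base.update(fields)
    return base


CURRENT_POLICY = {
    "id": "web-tier",
    "category": "Application",
    "rules": [
        sample_rule("allow-https", "ALLOW"),
        sample_rule("block-quarantine", "DROP",
                    source_groups=[QUARANTINE], sequence_number=20),
        sample_rule("deny-all", "REJECT", sequence_number=30),
    ],
}

deny_all_without_logged = {
    k: v for k, v in sample_rule("deny-all", "ALLOW",
                                 sequence_number=30).items() if k != "logged"
}
PROPOSED_RULES = [
    sample_rule("allow-https", "ALLOW", logged=True),
    deny_all_without_logged,
    sample_rule("allow-dns", "ALLOW", sequence_number=40),
]

if __name__ == "__main__":
    import json
    print(json.dumps(replacement_impact(CURRENT_POLICY, PROPOSED_RULES),
                     indent=2))
```

A playbook step can stop and request approval whenever the "dropped" or "loosened" lists are non-empty.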

operation: Delete Security Policy

Input parameters

Parameter | Description
Domain ID | Specify the domain ID from which you want to delete the specified security policy.
Policy ID | Specify the ID of the security policy that you want to delete from the specified domain.

Output

The output contains the following populated JSON schema:
{
"status": "",
"results": ""
}

operation: Get Groups List

Input parameters

Parameter | Description
Domain ID | Specify the domain ID for which you want to retrieve the list of groups.
Include Delete Objects | Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation.
Member Types | (Optional) Specify comma-separated valid member types using which you want to filter the VMware NSX-T groups.
Page Size | (Optional) The maximum number of results, per page, that this operation should return.
Sort by Field | (Optional) The name of the field based on which you want to sort the result.
Sort Ascending | Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort By Field parameter.
Cursor | (Optional) The opaque cursor to be used for getting the next page of records.

Output

The output contains the following populated JSON schema:
{
"sort_ascending": "",
"sort_by": "",
"result_count": "",
"results": [
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"expression": [
{
"resource_type": "",
"member_type": "",
"value": "",
"key": "",
"operator": "",
"_protection": ""
}
],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
]
}

operation: Get Group Details

Input parameters

Parameter | Description
Domain ID | Specify the domain ID for which you want to retrieve the details of the specified group.
Group ID | Specify the ID of the group whose details you want to retrieve from VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"expression": [
{
"resource_type": "",
"member_type": "",
"value": "",
"key": "",
"operator": "",
"_protection": ""
}
],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}

operation: Upsert Group

Input parameters

Parameter | Description
Domain ID | Specify the domain ID for which you want to create or update the specified group.
Group ID | Specify the ID of the group that you want to create or update in the specified domain.
Display Name | (Optional) The name or identifier of the group that will be used to display this group in logs or GUI.
Description | (Optional) The description of the group that you want to create or update for the specified domain.
Group Type | (Optional) Specify a CSV list of group types that you want to assign to the specified group.
State | Select the realization state that you want to assign to the specified group. You can choose between IN PROGRESS, SUCCESS, or FAILURE.
Expression | (Optional) Specify the array of conditional expressions for the specified group.
Tags | (Optional) Specify the array of tags in the JSON format (key-value pairs) for the specified group. Note: You can specify a maximum of 30 items.
Extended Expression | (Optional) Specify the array of extended expressions for the specified group. Extended Expressions allow additional higher-level context to be specified for grouping criteria. For example, user AD group.
Additional Fields | (Optional) Specify any additional fields in the JSON format for the specified group.

Output

The output contains the following populated JSON schema:
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"expression": [
{
"resource_type": "",
"member_type": "",
"value": "",
"key": "",
"operator": "",
"_protection": ""
}
],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}

operation: Delete Group

Input parameters

Parameter | Description
Domain ID | Specify the domain ID from which you want to delete the specified group.
Group ID | Specify the ID of the group that you want to delete from the specified domain.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Add/Remove IP Addresses

Input parameters

Parameter | Description
Domain ID | Specify the domain ID in which you want to add or remove the specified IP addresses.
Group ID | Specify the group ID in which you want to add or remove the specified IP addresses.
Expression ID | Specify the ID of the Expression in which you want to add or remove the specified IP addresses.
Action | Select the action that you want to perform, i.e., Add or Remove. The Action parameter determines whether to add or remove the IP addresses.
IP Addresses | Specify a CSV list of IP addresses that you want to add or remove from the specified expression of a group in VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Add/Remove MAC Addresses

Input parameters

Parameter | Description
Domain ID | Specify the domain ID in which you want to add or remove the specified MAC addresses.
Group ID | Specify the group ID in which you want to add or remove the specified MAC addresses.
Expression ID | Specify the ID of the Expression in which you want to add or remove the specified MAC addresses.
Action | Select the action that you want to perform, i.e., Add or Remove. The Action parameter determines whether to add or remove the MAC addresses.
MAC Addresses | Specify a CSV list of MAC addresses that you want to add or remove from the specified expression of a group in VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Get Rules List

Input parameters

Parameter | Description
Domain ID | Specify the domain ID for which you want to retrieve the list of firewall rules.
Policy ID | Specify the policy ID whose rules you want to retrieve from VMware NSX-T.
Include Delete Objects | Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation.
Page Size | (Optional) The maximum number of results, per page, that this operation should return.
Sort by Field | (Optional) The name of the field based on which you want to sort the result.
Sort Ascending | Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort by Field parameter.
Cursor | (Optional) The opaque cursor to be used for getting the next page of records.

Output

The output contains the following populated JSON schema:
{
"sort_ascending": "",
"sort_by": "",
"result_count": "",
"results": [
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"source_groups": [],
"logged": "",
"destination_groups": [],
"scope": [],
"action": "",
"services": [],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
]
}

operation: Get Rule Details

Input parameters

Parameter | Description
Domain ID | Specify the domain ID for which you want to retrieve the details of the specified firewall rules.
Policy ID | Specify the policy ID for which you want to retrieve the details of the specified firewall rules.
Rule ID | Specify the ID of the rule whose details you want to retrieve from VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
"resource_type": "",
"description": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"source_groups": [],
"logged": "",
"destination_groups": [],
"scope": [],
"action": "",
"services": [],
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}

operation: Upsert Rule

Input parameters

Parameter | Description
Domain ID | Specify the domain ID for which you want to create or update the specified rule.
Policy ID | Specify the policy ID for which you want to create or update the specified rule.
Rule ID | Specify the ID of the rule that you want to create or update in the specified domain and policy.
Display Name | (Optional) The name or identifier of the rule that will be used to display this rule in logs or GUI.
Description | (Optional) The description of the rule that you want to create or update in the specified domain and policy.
Source Group Paths | (Optional) Specify a CSV list of source group paths for the specified rule. Paths are required since duplicate names might exist for groups in different domains. Along with paths, IP addresses of types IPv4 and IPv6 are also supported. IP addresses can be in one of the following formats: CIDR, IP Address, or Range of IP addresses. Note: To specify all groups, use the constant "ANY" (case insensitive). If "ANY" is used, it should be the ONLY element in the group array.
Destination Groups Paths | (Optional) Specify a CSV list of destination group paths for the specified rule. Paths are required since duplicate names might exist for groups in different domains. Along with paths, IP addresses of types IPv4 and IPv6 are also supported. IP addresses can be in one of the following formats: CIDR, IP Address, or Range of IP addresses. Note: To specify all groups, use the constant "ANY" (case insensitive). If "ANY" is used, it should be the ONLY element in the group array.
Logged | Select this checkbox to enable packet logging for the specified rule.
Disabled | Select this checkbox to disable the rule. By default, this checkbox is unchecked, i.e., the rule is enabled.
Scope | (Optional) Specify a CSV list of policy paths where the specified rule is to be applied. Note: A given rule can be applied on multiple LRs/LRPs.
Action | Select the action to be applied to all the services of the rule that you want to create or update. You can choose between ALLOW, DROP, REJECT, or JUMP_TO_APPLICATION. The JUMP_TO_APPLICATION action is supported only for rules created in the "Environment" category. Once a match is hit then the rule processing jumps to the rules present in the "Application" category, skipping all further rules in the "Environment" category. If the rules do not match in the "Application" category, then the default application rule will be hit. This is applicable only to DFW.
Notes | (Optional) Specify additional notes for changes made to the specified rule.
Tags | (Optional) Specify the array of tags in the JSON format (key-value pairs) for the specified rule. Note: You can specify a maximum of 30 items.
Additional Fields | (Optional) Specify any additional fields in the JSON format for the specified rule.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}
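
The constraints stated for the Upsert Rule inputs ("ANY" as the only element, the accepted IP formats, the category restriction on JUMP_TO_APPLICATION, and the 30-tag limit) can be checked before the action runs. This is an added example, not connector code; the dictionary key names, the rule that a group path starts with "/", and the "start-end" range syntax are assumptions, and all sample values are constructed.

```python
# Added example: validate Upsert Rule inputs against the documented limits.
import ipaddress

ACTIONS = {"ALLOW", "DROP", "REJECT", "JUMP_TO_APPLICATION"}
MAX_TAGS = 30  # "You can specify a maximum of 30 items."


def _is_ip_entry(entry):
    """True for one IP, a CIDR block, or a 'start-end' range (IPv4 or IPv6)."""
    if "-" in entry:
        start, _, end = entry.partition("-")
        try:
            lo = ipaddress.ip_address(start.strip())
            hi = ipaddress.ip_address(end.strip())
        except ValueError:
            return False
        # Both ends must share an IP version and be in ascending order.
        return lo.version == hi.version and lo <= hi
    try:
        ipaddress.ip_network(entry, strict=False)  # single IPs parse as /32 or /128
        return True
    except ValueError:
        return False


def parse_group_csv(csv_value, field):
    """Split a CSV group list and return (entries, errors)."""
    entries = [e.strip() for e in (csv_value or "").split(",") if e.strip()]
    errors = []
    if any(e.upper() == "ANY" for e in entries):
        if len(entries) > 1:
            errors.append(f'{field}: "ANY" must be the only element')
        return entries, errors
    for entry in entries:
        if entry.startswith("/"):  # assumption: group paths start with "/"
            continue
        if not _is_ip_entry(entry):
            errors.append(f"{field}: {entry!r} is neither a group path "
                          "nor an IP address, CIDR, or IP range")
    return entries, errors


def validate_rule_inputs(params, policy_category):
    """Return a list of problems; an empty list means the inputs pass."""
    errors = []
    for field in ("source_groups", "destination_groups"):  # hypothetical keys
        errors += parse_group_csv(params.get(field, ""), field)[1]

    action = params.get("action")
    if action not in ACTIONS:
        errors.append(f"action: {action!r} is not one of {sorted(ACTIONS)}")
    elif action == "JUMP_TO_APPLICATION" and policy_category != "Environment":
        errors.append('action: JUMP_TO_APPLICATION is supported only for '
                      'rules in the "Environment" category')

    if len(params.get("tags", [])) > MAX_TAGS:
        errors.append(f"tags: more than {MAX_TAGS} items")
    return errors


# --- Constructed sample inputs ---
GOOD = {
    "source_groups": "/infra/domains/default/groups/web-servers, "
                     "10.0.0.0/24, 192.168.1.10-192.168.1.20, 2001:db8::1",
    "destination_groups": "any",
    "action": "DROP",
    "tags": [{"scope": "os", "tag": "linux"}],
}
BAD = {
    "source_groups": "ANY, 10.0.0.1",            # ANY mixed with another entry
    "destination_groups": "10.0.0.20-10.0.0.5",  # range runs backwards
    "action": "JUMP_TO_APPLICATION",             # policy is not "Environment"
    "tags": [{"scope": "s", "tag": str(i)} for i in range(31)],
}

if __name__ == "__main__":
    print(validate_rule_inputs(GOOD, "Application"))
    for problem in validate_rule_inputs(BAD, "Application"):
        print(problem)
```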

operation: Delete Rule

Input parameters

Parameter | Description
Domain ID | Specify the domain ID from which you want to delete the specified rule.
Policy ID | Specify the policy ID from which you want to delete the specified rule.
Rule ID | Specify the ID of the rule that you want to delete from the specified domain and policy.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

operation: Manage VM TAG

Input parameters

Parameter | Description
External ID of VM | Specify the external ID of the VM on which you want to perform the specific action, i.e., add, remove, or update the specified tags.
Action | Select the type of action you want to perform. You can choose between ADD, REMOVE, or UPDATE the specified tags on the specified VM.
Scope | Specify a single string of scope, where the specified rule is to be applied. For example, scope - os, security
VM Tag | Specify a single string of tags to be applied to the specified VM. For example, tags - linux. In the case of our example, where the 'Scope' is defined as scope - os, security, and 'VM Tag' as tags - linux, the tag gets added to the scope.

Output

The output contains the following populated JSON schema:
{
"status": "",
"result": ""
}

Included playbooks

The Sample - VMware NSX-T - 1.1.0 playbook collection comes bundled with the VMware NSX-T connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the VMware NSX-T connector.

  • Add/Remove IP Addresses
  • Add/Remove MAC Addresses
  • Delete Group
  • Delete Rule
  • Delete Security Policy
  • Get Group Details
  • Get Groups List
  • Get Rule Details
  • Get Rules List
  • Get Security Policies List
  • Get Security Policy Details
  • Manage VM TAG
  • Upsert Group
  • Upsert Rule
  • Upsert Security Policy

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

VMware NSX-T Data Center focuses on providing networking, security, automation, and operational simplicity for emerging application frameworks and architectures that have heterogeneous endpoint environments and technology stacks.

This document provides information about the VMware NSX-T connector, which facilitates automated interactions, with a VMware NSX-T server using FortiSOAR™ playbooks. Add the VMware NSX-T connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all the security policies for a specific domain from VMware NSX-T, creating or updating the group for the specified domain in VMware NSX-T, adding or removing the specified MAC addresses from the specified expression of a group in VMware NSX-T, etc.

Version information

Connector Version: 1.1.0

Authored By: Fortinet

Certified: No

Release Notes for version 1.1.0

The following enhancements have been made to the VMware NSX-T Connector in version 1.1.0:

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-vmware-nsx-t

Prerequisites to configuring the connector

Minimum Permissions Required

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the VMware NSX-T connector card. On the connector popup, click the Configurations tab to enter the required configuration details:

Parameter Description
Server URL The URL of the VMware NSX-T server to which you will connect and perform the automated operations.
Username The username used to access the VMware NSX-T server to which you will connect and perform the automated operations.
Password The password used to access the VMware NSX-T server to which you will connect and perform the automated operations.
Verify SSL Select this checkbox to verify the SSL server certificate.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:

Function Description Annotation and Category
Get Security Policies List Retrieves a list of all the security policies for a specific domain from VMware NSX-T based on the domain ID and other input parameters you have specified. get_security_policies_list
Investigation
Get Security Policy Details Retrieves details of a specific security policy for a specific domain from VMware NSX-T based on the domain ID and policy ID you have specified. get_security_policy_details
Investigation
Upsert Security Policy Creates or Updates the security policy for the specified domain in VMware NSX-T based on the domain ID, policy ID, and other input parameters you have specified.
If a security policy for the given security-policy-id is not present, then the security policy object gets created, and if it is present then the security policy object gets updated, i.e. it will get completely replaced.
upsert_security_policy
Miscellaneous
Delete Security Policy Deletes a specific security policy, along with all the rules, from the specified domain in VMware NSX-T based on the domain ID and policy ID you have specified. delete_security_policy
Miscellaneous
Get Groups List Retrieves a list of groups for a specific domain from VMware NSX-T based on the domain ID and other input parameters you have specified.
Note: Groups can be filtered using the member_types query parameter, which returns the groups that contain the specified member types.
get_groups_list
Investigation
Get Group Details Retrieves details of a specific group for a specific domain from VMware NSX-T based on the domain ID and group ID you have specified. get_group_details
Investigation
Upsert Group Creates or Updates the group for the specified domain in VMware NSX-T based on the domain ID, group ID, and other input parameters (fields) you have specified.
If a group for the given group-id is not present, then the group object gets created, and if it is present then the group object gets updated, i.e. it will get completely replaced.
upsert_group
Miscellaneous
Delete Group Deletes a specific group from the specified domain in VMware NSX-T based on the domain ID and group ID you have specified. delete_group
Miscellaneous
Add/Remove IP Addresses Adds or removes the specified IP addresses from the specified expression of a group in VMware NSX-T based on the domain ID, group ID, expression ID, and other input parameters you have specified. add_remove_ip_addresses
Investigation
Add/Remove MAC Addresses Adds or removes the specified MAC addresses from the specified expression of a group in VMware NSX-T based on the domain ID, group ID, expression ID, and other input parameters you have specified. add_remove_mac_addresses
Investigation
Get Rules List Retrieves a list of all the firewall rules for a specific domain from VMware NSX-T based on the domain ID, policy ID, and rule ID you have specified. get_rules_list
Investigation
Get Rule Details Retrieves details of a specific firewall for a specific domain from VMware NSX-T based on the domain ID and group ID you have specified. get_rule_details
Investigation
Upsert Rule Creates or Updates the firewall rule for the specified domain and policy in VMware NSX-T based on the domain ID, policy ID, rule ID, and other input parameters you have specified.
If a group for the given rule-id is not present, then the rule object gets created, and if it is present then the rule object gets updated, i.e. it will get completely replaced.
upsert_rule
Miscellaneous
Delete Rule Deletes a specific rule from the specified domain and policy in VMware NSX-T based on the domain ID, policy ID, and rule ID you have specified. delete_rule
Miscellaneous
Manage VM TAG Adds, updates, or deletes tags for a specific Virtual Machine(VM) based on the external ID of the VM, tag, scope, and action you have specified. manage_vm_tag
Miscellaneous

operation: Get Security Policies List

Input parameters

Parameter Description
Domain ID Specify the domain ID for which you want to retrieve the list of security policies.
Include Delete Objects Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation.
Include Rule Count Select this checkbox to include the count of rules in the specified policy in the results of this operation, i.e., the rule_count field in the results gets populated with the count of rules in the particular policy.
Page Size (Optional) The maximum number of results, per page, that this operation should return.
Sort by Field (Optional) The name of the field based on which you want to sort the result.
Sort Ascending Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort By Field parameter.
Cursor (Optional) The opaque cursor to be used for getting the next page of records.

Output

The output contains the following populated JSON schema:
{
"sort_ascending": "",
"sort_by": "",
"result_count": "",
"results": [
{
"resource_type": "",
"id": "",
"display_name": "",
"path": "",
"parent_path": "",
"relative_path": "",
"sequence_number": "",
"internal_sequence_number": "",
"_create_user": "",
"_create_time": "",
"_last_modified_user": "",
"_last_modified_time": "",
"_system_owned": "",
"_protection": "",
"_revision": ""
}
]
}

operation: Get Security Policy Details

Input parameters

Parameter Description
Domain ID Specify the domain ID for which you want to retrieve the details of the specified security policy.
Policy ID Specify the ID of the policy whose details you want to retrieve from VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
    "resource_type": "",
    "description": "",
    "id": "",
    "display_name": "",
    "path": "",
    "parent_path": "",
    "relative_path": "",
    "rules": [
        {
            "resource_type": "",
            "description": "",
            "id": "",
            "display_name": "",
            "path": "",
            "parent_path": "",
            "relative_path": "",
            "sequence_number": "",
            "source_groups": [],
            "logged": "",
            "destination_groups": [],
            "scope": [],
            "action": "",
            "services": [],
            "_create_user": "",
            "_create_time": "",
            "_last_modified_user": "",
            "_last_modified_time": "",
            "_system_owned": "",
            "_protection": "",
            "_revision": ""
        }
    ],
    "category": "",
    "precedence": "",
    "_create_user": "",
    "_create_time": "",
    "_last_modified_user": "",
    "_last_modified_time": "",
    "_system_owned": "",
    "_protection": "",
    "_revision": ""
}

operation: Upsert Security Policy

Input parameters

Parameter Description
Domain ID Specify the domain ID for which you want to create or update the specified security policy.
Policy ID Specify the ID of the security policy that you want to create or update for the specified domain.
Display Name (Optional) The name or identifier of the security policy that will be used to display this security policy in logs or GUI.
Description (Optional) The description of the security policy that you want to create or update for the specified domain.
Category

The policy framework provides five pre-defined categories for classifying a security policy: "Ethernet", "Emergency", "Infrastructure", "Environment", and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies:

  • The "Ethernet" category is for supporting layer 2 firewall rules.
  • The other four categories are applicable to layer 3 rules. Amongst them, the "Emergency" category has the highest priority followed by "Infrastructure", "Environment", and then "Application".

You can assign the security policy to one of the available categories or leave the category empty. If you leave it empty, the policy has the least precedence of the categories.

Comments (Optional) The comments that you want to add for security policy lock or unlock.
Rules (Optional) Specify an array of rules in the JSON format for the specified security policy.
Additional Fields (Optional) Specify any additional fields in the JSON format for the specified security policy.

Output

The output contains the following populated JSON schema:
{
    "status": "",
    "results": ""
}

operation: Delete Security Policy

Input parameters

Parameter Description
Domain ID Specify the domain ID from which you want to delete the specified security policy.
Policy ID Specify the ID of the security policy that you want to delete from the specified domain.

Output

The output contains the following populated JSON schema:
{
    "status": "",
    "results": ""
}

operation: Get Groups List

Input parameters

Parameter Description
Domain ID Specify the domain ID for which you want to retrieve the list of groups.
Include Delete Objects Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation.
Member Types (Optional) Specify comma-separated valid member types using which you want to filter the VMware NSX-T groups.
Page Size (Optional) The maximum number of results, per page, that this operation should return.
Sort by Field (Optional) The name of the field based on which you want to sort the result.
Sort Ascending Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort By Field parameter.
Cursor (Optional) The opaque cursor to be used for getting the next page of records.

Output

The output contains the following populated JSON schema:
{
    "sort_ascending": "",
    "sort_by": "",
    "result_count": "",
    "results": [
        {
            "resource_type": "",
            "description": "",
            "id": "",
            "display_name": "",
            "path": "",
            "parent_path": "",
            "relative_path": "",
            "expression": [
                {
                    "resource_type": "",
                    "member_type": "",
                    "value": "",
                    "key": "",
                    "operator": "",
                    "_protection": ""
                }
            ],
            "_create_user": "",
            "_create_time": "",
            "_last_modified_user": "",
            "_last_modified_time": "",
            "_system_owned": "",
            "_protection": "",
            "_revision": ""
        }
    ]
}

operation: Get Group Details

Input parameters

Parameter Description
Domain ID Specify the domain ID for which you want to retrieve the details of the specified group.
Group ID Specify the ID of the group whose details you want to retrieve from VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
    "resource_type": "",
    "description": "",
    "id": "",
    "display_name": "",
    "path": "",
    "parent_path": "",
    "relative_path": "",
    "expression": [
        {
            "resource_type": "",
            "member_type": "",
            "value": "",
            "key": "",
            "operator": "",
            "_protection": ""
        }
    ],
    "_create_user": "",
    "_create_time": "",
    "_last_modified_user": "",
    "_last_modified_time": "",
    "_system_owned": "",
    "_protection": "",
    "_revision": ""
}

operation: Upsert Group

Input parameters

Parameter Description
Domain ID Specify the domain ID for which you want to create or update the specified group.
Group ID Specify the ID of the group that you want to create or update in the specified domain.
Display Name (Optional) The name or identifier of the group that will be used to display this group in logs or GUI.
Description (Optional) The description of the group that you want to create or update for the specified domain.
Group Type (Optional) Specify a CSV list of group types that you want to assign to the specified group.
State Select the realization state that you want to assign to the specified group. You can choose between IN PROGRESS, SUCCESS, or FAILURE.
Expression (Optional) Specify the array of conditional expressions for the specified group.
Tags (Optional) Specify the array of tags in the JSON format (key-value pairs) for the specified group.
Note: You can specify a maximum of 30 items.
Extended Expression (Optional) Specify the array of extended expressions for the specified group. Extended Expressions allow additional higher-level context to be specified for grouping criteria. For example, user AD group.
Additional Fields (Optional) Specify any additional fields in the JSON format for the specified group.

Output

The output contains the following populated JSON schema:
{
    "resource_type": "",
    "description": "",
    "id": "",
    "display_name": "",
    "path": "",
    "parent_path": "",
    "relative_path": "",
    "expression": [
        {
            "resource_type": "",
            "member_type": "",
            "value": "",
            "key": "",
            "operator": "",
            "_protection": ""
        }
    ],
    "_create_user": "",
    "_create_time": "",
    "_last_modified_user": "",
    "_last_modified_time": "",
    "_system_owned": "",
    "_protection": "",
    "_revision": ""
}

operation: Delete Group

Input parameters

Parameter Description
Domain ID Specify the domain ID from which you want to delete the specified group.
Group ID Specify the ID of the group that you want to delete from the specified domain.

Output

The output contains the following populated JSON schema:
{
    "status": "",
    "result": ""
}

operation: Add/Remove IP Addresses

Input parameters

Parameter Description
Domain ID Specify the domain ID in which you want to add or remove the specified IP addresses.
Group ID Specify the group ID in which you want to add or remove the specified IP addresses.
Expression ID Specify the ID of the Expression in which you want to add or remove the specified IP addresses.
Action Select the action that you want to perform, i.e., Add or Remove. The Action parameter determines whether to add or remove the IP addresses.
IP Addresses Specify a CSV list of IP addresses that you want to add or remove from the specified expression of a group in VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
    "status": "",
    "result": ""
}

operation: Add/Remove MAC Addresses

Input parameters

Parameter Description
Domain ID Specify the domain ID in which you want to add or remove the specified MAC addresses.
Group ID Specify the group ID in which you want to add or remove the specified MAC addresses.
Expression ID Specify the ID of the Expression in which you want to add or remove the specified MAC addresses.
Action Select the action that you want to perform, i.e., Add or Remove. The Action parameter determines whether to add or remove the MAC addresses.
MAC Addresses Specify a CSV list of MAC addresses that you want to add or remove from the specified expression of a group in VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
    "status": "",
    "result": ""
}

operation: Get Rules List

Input parameters

Parameter Description
Domain ID Specify the domain ID for which you want to retrieve the list of firewall rules.
Policy ID Specify the policy ID whose rules you want to retrieve from VMware NSX-T.
Include Delete Objects Select this checkbox to include objects (resources) that are marked for deletion in the results of this operation.
Page Size (Optional) The maximum number of results, per page, that this operation should return.
Sort by Field (Optional) The name of the field based on which you want to sort the result.
Sort Ascending Select this checkbox to sort the results of this operation in ascending order based on the field you have specified in the Sort by Field parameter.
Cursor (Optional) The opaque cursor to be used for getting the next page of records.

Output

The output contains the following populated JSON schema:
{
    "sort_ascending": "",
    "sort_by": "",
    "result_count": "",
    "results": [
        {
            "resource_type": "",
            "description": "",
            "id": "",
            "display_name": "",
            "path": "",
            "parent_path": "",
            "relative_path": "",
            "sequence_number": "",
            "source_groups": [],
            "logged": "",
            "destination_groups": [],
            "scope": [],
            "action": "",
            "services": [],
            "_create_user": "",
            "_create_time": "",
            "_last_modified_user": "",
            "_last_modified_time": "",
            "_system_owned": "",
            "_protection": "",
            "_revision": ""
        }
    ]
}

operation: Get Rule Details

Input parameters

Parameter Description
Domain ID Specify the domain ID for which you want to retrieve the details of the specified firewall rule.
Policy ID Specify the policy ID for which you want to retrieve the details of the specified firewall rule.
Rule ID Specify the ID of the rule whose details you want to retrieve from VMware NSX-T.

Output

The output contains the following populated JSON schema:
{
    "resource_type": "",
    "description": "",
    "id": "",
    "display_name": "",
    "path": "",
    "parent_path": "",
    "relative_path": "",
    "sequence_number": "",
    "source_groups": [],
    "logged": "",
    "destination_groups": [],
    "scope": [],
    "action": "",
    "services": [],
    "_create_user": "",
    "_create_time": "",
    "_last_modified_user": "",
    "_last_modified_time": "",
    "_system_owned": "",
    "_protection": "",
    "_revision": ""
}

operation: Upsert Rule

Input parameters

Parameter Description
Domain ID Specify the domain ID for which you want to create or update the specified rule.
Policy ID Specify the policy ID for which you want to create or update the specified rule.
Rule ID Specify the ID of the rule that you want to create or update in the specified domain and policy.
Display Name (Optional) The name or identifier of the rule that will be used to display this rule in logs or GUI.
Description (Optional) The description of the rule that you want to create or update in the specified domain and policy.
Source Group Paths

(Optional) Specify a CSV list of source group paths for the specified rule.
Paths are required since duplicate names might exist for groups in different domains. Along with paths, IP addresses of types IPv4 and IPv6 are also supported. IP addresses can be in one of the following formats: CIDR, IP Address, or Range of IP addresses.
Note: To specify all groups, use the constant "ANY" (case insensitive). If "ANY" is used, it should be the ONLY element in the group array.

Destination Groups Paths (Optional) Specify a CSV list of destination group paths for the specified rule.
Paths are required since duplicate names might exist for groups in different domains. Along with paths, IP addresses of types IPv4 and IPv6 are also supported. IP addresses can be in one of the following formats: CIDR, IP Address, or Range of IP addresses.
Note: To specify all groups, use the constant "ANY" (case insensitive). If "ANY" is used, it should be the ONLY element in the group array.
Logged Select this checkbox to enable packet logging for the specified rule.
Disabled Select this checkbox to disable the rule. By default, this checkbox is unchecked, i.e., the rule is enabled.
Scope (Optional) Specify a CSV list of policy paths where the specified rule is to be applied.
Note: A given rule can be applied on multiple LRs/LRPs.
Action Select the action to be applied to all the services of the rule that you want to create or update. You can choose between ALLOW, DROP, REJECT, or JUMP_TO_APPLICATION.
The JUMP_TO_APPLICATION action is supported only for rules created in the "Environment" category. Once a match is hit then the rule processing jumps to the rules present in the "Application" category, skipping all further rules in the "Environment" category. If the rules do not match in the "Application" category, then the default application rule will be hit. This is applicable only to DFW.
Notes (Optional) Specify additional notes for changes made to the specified rule.
Tags (Optional) Specify the array of tags in the JSON format (key-value pairs) for the specified rule.
Note: You can specify a maximum of 30 items.
Additional Fields (Optional) Specify any additional fields in the JSON format for the specified rule.

Output

The output contains the following populated JSON schema:
{
    "status": "",
    "result": ""
}
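
A pre-flight check for the Upsert Rule inputs described above, as an added example (not part of the connector or of the vendor documentation): it enforces the "ANY" restriction, the accepted IP formats, the JUMP_TO_APPLICATION category restriction, and the 30-tag limit before a playbook submits the rule. The dictionary keys, the leading "/" test for group paths, and the sample values are assumptions made for this example.

```python
import ipaddress

ACTIONS = {"ALLOW", "DROP", "REJECT", "JUMP_TO_APPLICATION"}
MAX_TAGS = 30  # "You can specify a maximum of 30 items"

def is_ip_entry(entry):
    """True for a single IP, a CIDR, or a 'start-end' range (IPv4 or IPv6)."""
    try:
        if "-" in entry:
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return start.version == end.version and start <= end
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False

def check_group_csv(csv_value, field):
    """Problems found in a Source/Destination Group Paths CSV string."""
    items = [i.strip() for i in csv_value.split(",") if i.strip()]
    problems = []
    if len(items) > 1 and any(i.upper() == "ANY" for i in items):
        problems.append(f"{field}: ANY must be the only element")
    for item in items:
        # Assumption: group paths are absolute policy paths starting with "/".
        if item.upper() == "ANY" or item.startswith("/") or is_ip_entry(item):
            continue
        problems.append(f"{field}: {item!r} is not a path, IP, CIDR or range")
    return problems

def check_rule(rule, policy_category):
    """Validate Upsert Rule inputs; an empty list means no problem was found."""
    problems = []
    for field in ("source_groups", "destination_groups"):
        problems += check_group_csv(rule.get(field, ""), field)
    action = rule.get("action")
    if action not in ACTIONS:
        problems.append(f"action: {action!r} is not a supported action")
    elif action == "JUMP_TO_APPLICATION" and policy_category != "Environment":
        problems.append("action: JUMP_TO_APPLICATION requires the Environment category")
    if len(rule.get("tags", [])) > MAX_TAGS:
        problems.append(f"tags: more than {MAX_TAGS} items")
    return problems

# Constructed sample input (hypothetical keys and values, not from a real deployment).
SAMPLE = {
    "source_groups": "ANY, 10.0.0.0/24",
    "destination_groups": "/infra/domains/default/groups/web, 192.0.2.10-192.0.2.20, web",
    "action": "JUMP_TO_APPLICATION",
    "tags": [{"scope": "os", "tag": "linux"}],
}

if __name__ == "__main__":
    for problem in check_rule(SAMPLE, policy_category="Application"):
        print(problem)
```

Running the check in a playbook step ahead of Upsert Rule keeps a malformed group list or a misplaced JUMP_TO_APPLICATION action from reaching the firewall policy.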

operation: Delete Rule

Input parameters

Parameter Description
Domain ID Specify the domain ID from which you want to delete the specified rule.
Policy ID Specify the policy ID from which you want to delete the specified rule.
Rule ID Specify the ID of the rule that you want to delete from the specified domain and policy.

Output

The output contains the following populated JSON schema:
{
    "status": "",
    "result": ""
}

operation: Manage VM TAG

Input parameters

Parameter Description
External ID of VM Specify the external ID of the VM on which you want to perform the specific action, i.e., add, remove, or update the specified tags.
Action Select the type of action you want to perform. You can choose between ADD, REMOVE, or UPDATE the specified tags on the specified VM.
Scope Specify a single string of scope, where the specified rule is to be applied. For example, scope - os, security
VM Tag Specify a single string of tags to be applied to the specified VM. For example, tags - linux
In our example, where 'Scope' is defined as scope - os, security, and 'VM Tag' as tags - linux, the tag gets added to the scope.

Output

The output contains the following populated JSON schema:
{
    "status": "",
    "result": ""
}

Included playbooks

The Sample - VMware NSX-T - 1.1.0 playbook collection comes bundled with the VMware NSX-T connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the VMware NSX-T connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
