More customers are embracing the suite of applications provided by VMware in managing their environment. I’m seeing customers with vRealize Network Insight (vRNI), but a lot still don’t appreciate all the things it can do. One of those things is showing redundant NSX firewall rules.
Often when customers create NSX firewall rules, the new rule also matches traffic that an earlier rule already covers. Because they only test that the new rule behaves as expected, they don't realise the older rule is now redundant. Redundant rules get in the way of managing the rules that actually do something, and because the distributed firewall evaluates the rule table top-down (first match wins) at every vNIC it is applied to, each extra rule adds to the lookup cost for traffic that has to fall all the way through to the default rule.
Using vRNI, you can see redundant firewall rules.
In the image below, the source and destination sets of rule id 1206 are supersets of those in rule id 1140: every VM that 1140 matches, 1206 matches too (plus more).
In this case rule id 1140 can safely be removed, provided the two rules share the same action and services and no rule sitting between them would catch 1140's traffic with a different action. vRNI surfaces the overlap; that last check is still worth doing yourself before you delete anything.
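The check behind this insight, written out as an added example (this is not code from the original post and not vRNI's own logic). It goes a little beyond the post's single case: besides an earlier rule being covered by a later rule with the same action, it also flags the opposite situation, a later rule that an earlier rule already covers and which therefore can never match, and it refuses to call a rule redundant when a rule with a different action sits between the two and overlaps the same traffic. Rule ids 1140 and 1206 are taken from the post; the VM names, services, the other rule ids and the simplified rule model (source, destination, service and action only; no Applied To or negation) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# ANY stands for the NSX "any" object (all sources, all destinations or all services).
ANY: Optional[FrozenSet[str]] = None


@dataclass(frozen=True)
class Rule:
    """Simplified DFW rule: object sets for source/destination/service plus an action.
    Applied To, negation and L7 context are deliberately not modelled (assumption)."""
    rule_id: int
    sources: Optional[FrozenSet[str]]
    destinations: Optional[FrozenSet[str]]
    services: Optional[FrozenSet[str]]
    action: str  # "allow" or "drop"


def _covers(outer, inner) -> bool:
    # outer matches everything inner matches: outer is "any", or inner is explicit and a subset
    return outer is ANY or (inner is not ANY and outer >= inner)


def _overlaps(a, b) -> bool:
    return a is ANY or b is ANY or bool(a & b)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every flow matched by `inner` would also be matched by `outer`."""
    return (_covers(outer.sources, inner.sources)
            and _covers(outer.destinations, inner.destinations)
            and _covers(outer.services, inner.services))


def overlaps(a: Rule, b: Rule) -> bool:
    """True if some flow could match both rules."""
    return (_overlaps(a.sources, b.sources)
            and _overlaps(a.destinations, b.destinations)
            and _overlaps(a.services, b.services))


def find_redundant(rules: List[Rule]) -> List[Tuple[int, int, str]]:
    """Return (redundant_id, covering_id, reason) for rules that can be removed without
    changing what the firewall does. `rules` must be in evaluation order: the DFW is
    first-match, so order is part of the semantics."""
    findings = []
    for i, rule in enumerate(rules):
        # Case 1: an earlier rule already covers this one, so it can never be hit.
        shadow = next((e for e in rules[:i] if covers(e, rule)), None)
        if shadow is not None:
            findings.append((rule.rule_id, shadow.rule_id, "shadowed"))
            continue
        # Case 2: a later rule with the same action covers it (the 1140/1206 case in the post).
        # Walk forward; an intervening rule with a different action that overlaps this rule's
        # traffic would change behaviour once this rule is removed, so stop looking there.
        for later in rules[i + 1:]:
            if later.action != rule.action and overlaps(later, rule):
                break
            if later.action == rule.action and covers(later, rule):
                findings.append((rule.rule_id, later.rule_id, "covered-by-later"))
                break
    return findings


def _s(*names: str) -> FrozenSet[str]:
    return frozenset(names)


# Constructed sample ruleset in evaluation order. Ids 1140 and 1206 mirror the post;
# the VM names, services and the remaining ids are made up for illustration.
SAMPLE_RULES = [
    Rule(1140, _s("web-01", "web-02"), _s("app-01"), _s("TCP/8443"), "allow"),
    Rule(1150, _s("web-03"), _s("db-01"), _s("TCP/3306"), "drop"),
    Rule(1206, _s("web-01", "web-02", "web-03"), _s("app-01", "app-02"), _s("TCP/8443"), "allow"),
    Rule(1300, _s("web-01"), _s("app-02"), _s("TCP/8443"), "drop"),  # never hit: 1206 allows it first
    Rule(1500, _s("mgmt-01"), _s("app-01"), _s("TCP/22"), "allow"),
    Rule(1510, _s("mgmt-01"), _s("app-01"), _s("TCP/22", "TCP/443"), "drop"),
    Rule(1520, _s("mgmt-01", "mgmt-02"), _s("app-01"), _s("TCP/22"), "allow"),  # covers 1500, but 1510 sits between
    Rule(9999, ANY, ANY, ANY, "drop"),  # constructed default rule
]

if __name__ == "__main__":
    for redundant_id, covering_id, reason in find_redundant(SAMPLE_RULES):
        print(f"rule {redundant_id} is {reason} by rule {covering_id}")
```

Run against the sample, this reports 1140 as covered by 1206 (the post's case), 1150 as covered by the default drop, and 1300 as shadowed by 1206. Rule 1500 is not reported even though 1520 covers it, because the drop in 1510 sits between them and would start catching that SSH traffic the moment 1500 disappeared. The shadowed finding is arguably the more important one: a drop rule that can never fire is not clutter, it is a control you think you have and don't. Whether to keep an explicit drop such as 1150 in front of a default drop for logging or visibility is a judgement call the script cannot make for you.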
Just another way vRNI can provide insights into your network. ;-)