In NSX-V, you can save up to 100 distributed firewall configurations. This is done automatically every time you update rulesets and publish changes. Any configuration set that is set to be “preserved” will be kept and others will be removed.
This functionality is an addition to NSX Backups which hare sent to a remote location like TFTP. NSX Backups will contain NSX Manager, DFW and Edge configurations. The autosaved rules will only contain distributed firewall (DFW) rules.
However, in VMware vCenter under NSX Manager dashboard, you will notice alarm if number of DFW configurations autosaved reaches 90%. As administrators, it is best practice to do some house keeping to make it easy to retrieve or restore important configuration set for future.
In this article, we will go through the steps required to tidy up DFW autosaved rules, so we can clear the alarm.
Login to VMware vCenter
Navigate to “Networking and Security”
Click on “Firewall”
Click on the “Saved Configurations” tab.
Highlight the rules which are old and not marked as “preserved”
Click on the “x” icon to delete that rule. (unfortunately, you cannot highlight multiple lines).
If you like to keep a certain configuration, highlight the ruleset and edit and set the status to preserved.