NSX Edge Commands

A few commands for reference when working with NSX edge routers/firewalls.

Reference for some NSX edge commands:

Check interfaces:

show interface

Check log:

show log

TCP dump example: (Choose NIC seen in sh int and ip required with host_ prefix)

Can use ‘capture’ to record to pcap file and ‘no debug’ to stop. Can scp off the edge, show and remove these captures.

debug packet display interface vNic_1 host_10.0.0.1

debug packet display interface vNic_x port_xxx

debug packet capture interface vNic_x host_destinationip

no debug packet capture interface vNic_1

debug show files

debug copy scp

debug remove all

Resources:

show process monitor

VPN

show service ipsec

show service ipsec site

Reset IKA SA/Ipsec SA

clear service ipsec ikesa id

clear service ipsec ipsecsa id

IP:

show ip route

show ip address

Firewall:

show firewall flows
show nat
show ipset
show configuration firewall

More To Explore

Setting up a jump host VPN client to access your network.

Matthew McGovern November 24, 2023

Using 2 ethernet ports to bond one interface.

Matthew McGovern November 23, 2023