North South service insertion redirection rules not being realized on NSX-T Edge


Article ID: 301504


Updated On:

Products

VMware NSX Networking, VMware vDefend Firewall

Issue/Introduction

Symptoms:
  • You have service insertion configured for North/South traffic.
  • There is a redirection rule configured.
Security --> North South Firewall --> Network Introspection (N-S)
  • You have recently disconnected a Tier-1 Gateway from the Tier-0 Gateway and reconnected it.
  • Service insertion policies and rules do not appear in the Edge CLI:
edge01> get firewall [LogicalRouterLinkPortOnTIER1 interface UUid on logical router] pbr policy
Thu Apr 20 2023 UTC 14:57:12.253
PBR policy count: 0
  • Because the rules are missing, traffic is not redirected/forwarded.
  • For a short period after the Tier-1/Tier-0 disconnect, traffic may continue to flow.
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
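
A check for this symptom over saved Edge CLI output, as an added example that is not VMware's code. It reads only the command line and the `PBR policy count:` line in the format shown above; the function names, hostnames, UUIDs and the non-zero count in the sample are constructed for illustration.

```python
import re

# Command line as shown in the article: "<edge>> get firewall <uuid> pbr policy"
CMD_RE = re.compile(r"^(?P<host>\S+)>\s*get firewall\s+(?P<uuid>\S+)\s+pbr policy$")
COUNT_RE = re.compile(r"^PBR policy count:\s*(?P<count>\d+)$")

# Constructed sample transcript; hostnames, UUIDs and timestamps are made up.
SAMPLE = """\
edge01> get firewall 11111111-aaaa-4bbb-8ccc-000000000001 pbr policy
Thu Apr 20 2023 UTC 14:57:12.253
PBR policy count: 0
edge01> get firewall 22222222-aaaa-4bbb-8ccc-000000000002 pbr policy
Thu Apr 20 2023 UTC 14:57:40.101
PBR policy count: 2
edge02> get firewall 33333333-aaaa-4bbb-8ccc-000000000003 pbr policy
"""

def parse_pbr_counts(transcript):
    """Map (edge, interface_uuid) -> PBR policy count, or None if no count was logged."""
    results = {}
    current = None
    for raw in transcript.splitlines():
        line = raw.strip()
        cmd = CMD_RE.match(line)
        if cmd:
            current = (cmd["host"], cmd["uuid"])
            results[current] = None  # stays None if the output was cut off
            continue
        count = COUNT_RE.match(line)
        # Only the first count line after a command is taken; other lines are ignored.
        if count and current is not None and results[current] is None:
            results[current] = int(count["count"])
    return results

def missing_redirection(transcript):
    """Interfaces reporting zero PBR policies, or no count at all (treated as suspect)."""
    counts = parse_pbr_counts(transcript)
    return sorted(key for key, value in counts.items() if not value)

if __name__ == "__main__":
    for host, uuid in missing_redirection(SAMPLE):
        print(f"{host}: no redirection rules realized on interface {uuid}")
```

Run it against output collected after any Tier-1/Tier-0 reconnect, since a zero count on an interface that should redirect means traffic is no longer being sent to the inserted service.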


Environment

VMware NSX-T Data Center

Cause

The existing redirection rules have disappeared due to a known issue that occurs when a Tier-1 Gateway is disconnected from and reconnected to a Tier-0 Gateway.

Resolution

This issue is resolved in NSX-T version 3.2.3 available at VMware downloads.

Workaround:
This issue is resolved in NSX-T 3.2.3; upgrade to 3.2.3 to avoid it.
If you have already encountered this issue, you can create a new Tier-1 Gateway to use for the service insertion and attach it to the Tier-0 Gateway.

If you believe you are experiencing this issue and are unable to create a new Tier-1 Gateway, please open a support request with VMware NSX-T GSS and reference this KB.