North South service insertion redirection rules not being realized on NSX-T Edge
search cancel

North South service insertion redirection rules not being realized on NSX-T Edge

book

Article ID: 301504

calendar_today

Updated On:

Products

VMware NSX VMware vDefend Firewall

Issue/Introduction

  • You have service insertion configured for North/South traffic.
  • There is a redirection rule configured. 
    Security -->North South Firewall -->Network Introspection (N-S)
  • You have recently disconnected a Tier-1 Gateway from Tier-0 Gateway and reconnected.
  • Service insertion policies and rules will not not appear in Edge CLI 
    edge01> get firewall [LogicalRouterLinkPortOnTIER1 interface UUid on logical router] pbr policy
    Thu Apr 20 2023 UTC 14:57:12.253
    PBR policy count: 0
  • Due to rules missing traffic will not be redirected/forwarded.
  • For a short period after the Tier-1/Tier-0Disconnect, the traffic may continue to flow.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware NSX-T Data Center

Cause

The existing redirection rules have disappeared due to a known issue which occurs when disconnecting and reconnecting a Tier-1 Gateway to Tier-0 Gateway.

Resolution

This issue is resolved in VMware NSX-T Data Center 3.2.3 available at Broadcom Downloads.

 
Workaround

This issue is resolved in VMware NSX-T Data Center 3.2.3, please upgrade to 3.2.3 to avoid this issue.
If you have already encountered this issue, you can create a new Tier-1 gateway used for the service insertion and attach it to the Tier-0 Gateway.

If you believe are experiencing this issue and are unable to create a new Tier-1 Gateway, please open a support request with Broadcom Support and reference this KB.

Powered by Wolken Software