VMware NSX Default DFW rules do not apply to VMs when IDFW user logs off

Article ID: 309076

Products

VMware NSX

Issue/Introduction

Symptoms:

Default DFW rules do not apply to VMs when an IDFW user logs off.

Note: The timeout to log off the user is 8 hours.

Environment

VMware NSX for vSphere 6.4.x

Resolution

If the system does not see a network event to "refresh" the logon within the configured time, it initiates a logoff process.

To reduce the default 8-hour logoff time for an IDFW user:

  1. In the NSX Manager, open the file: /home/secureall/secureall/sem/WEB-INF/classes/blueprint.properties
  2. Modify the line entry below with the desired value:
     ui.user.ip.mapping.timeout.value=480
     Note: This value is in minutes.
  3. Restart the NSX Manager service:


To initiate a delta-sync via the REST API:

  1. Look up the domain ID:

https://<nsx_ip>/api/1.0/directory/listDomains

Example output:
<DirectoryDomains>
<DirectoryDomain>
<id>2</id>
<name>vs4.net</name>
<type>ActiveDirectory</type>
<netbiosName>VS4</netbiosName>
<username>Administrator</username>
<baseDn>DC=vs4,DC=net</baseDn>
</DirectoryDomain>
</DirectoryDomains>

  2. Initiate a delta-sync using the domain ID value:

https://<nsx_ip>/api/1.0/directory/deltaSync/{domainID}
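
The two REST steps above chained together, as an added example that is not part of the original article: it extracts the domain ID from the listDomains XML and builds the matching deltaSync request without sending it. The PUT method, HTTP Basic authentication, the host name nsx.example.test and the credentials are assumptions; the article gives only the URLs.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample: the listDomains response shown in the article.
SAMPLE_LIST_DOMAINS = """<DirectoryDomains>
<DirectoryDomain>
<id>2</id>
<name>vs4.net</name>
<type>ActiveDirectory</type>
<netbiosName>VS4</netbiosName>
<username>Administrator</username>
<baseDn>DC=vs4,DC=net</baseDn>
</DirectoryDomain>
</DirectoryDomains>"""


def find_domain_id(xml_text, domain):
    """Return the <id> of the domain whose <name> or <netbiosName> matches."""
    wanted = domain.strip().lower()
    for node in ET.fromstring(xml_text).iter("DirectoryDomain"):
        names = {(node.findtext(tag) or "").strip().lower()
                 for tag in ("name", "netbiosName")}
        if wanted and wanted in names:
            domain_id = (node.findtext("id") or "").strip()
            if not domain_id.isdigit():
                raise ValueError(f"unexpected domain id {domain_id!r}")
            return domain_id
    raise LookupError(f"domain {domain!r} not in listDomains output")


def delta_sync_request(nsx_ip, domain_id, user, password):
    """Build (but do not send) the deltaSync call for one domain."""
    url = f"https://{nsx_ip}/api/1.0/directory/deltaSync/{domain_id}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    # Assumption: PUT with HTTP Basic auth; the article gives only the URL.
    return urllib.request.Request(
        url, method="PUT", headers={"Authorization": f"Basic {token}"})


if __name__ == "__main__":
    # Hypothetical host and placeholder credentials, for illustration only.
    req = delta_sync_request("nsx.example.test",
                             find_domain_id(SAMPLE_LIST_DOMAINS, "VS4"),
                             "admin", "placeholder-password")
    print(req.get_method(), req.full_url)
    # To send: urllib.request.urlopen(req, timeout=30); keep TLS verification
    # on and pass a context that trusts the NSX Manager certificate.
```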