Firewall rules fail to apply to users in forest domains through trusted domain in IDFW

Article ID: 310644

Products

VMware NSX

Issue/Introduction

When an identity firewall rule uses a security group in the top (parent) domain that contains users from a sub (child) domain, NSX Manager does not resolve the relationship between the parent-domain security group and its child-domain members, so the rule is not applied to those users.

Environment

VMware NSX for vSphere 6.4.x

Cause

LDAP on the default port 389 answers only from the directory partition of the domain controller's own domain, so a query with a Base DN of the parent Active Directory domain returns objects from the parent domain only. TCP port 3268 is the Global Catalog port; a query with the same Base DN there returns objects from every domain in the forest, which gives NSX Manager LDAP access to the users of the child AD domain.

Resolution

To resolve the issue, change the port number of the LDAP server from 389 to 3268.

  • Navigate to Networking & Security > Networking & Security Inventory.
  • Select the NSX Manager > Manage > Domains.
  • From the domains list, select the top domain > LDAP Servers.
  • Click Edit.
  • Change the port from 389 to 3268.
  • Click OK.
  • Click Synchronize to synchronize the data.
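The difference the Cause section describes can be checked directly, before or after changing the port, by running the same Base DN query against port 389 and port 3268 with ldapsearch and comparing what comes back. The script below is an added example, not part of this article or of VMware's tooling: it parses LDIF from two ldapsearch runs and lists, grouped by domain, the entries that only the Global Catalog returned. The host name, Base DN and the sample LDIF embedded in it are constructed for the demonstration.

```python
"""Compare what the domain LDAP port (389) and the Global Catalog port (3268)
return for the same Base DN, and list the entries only the Global Catalog sees.

Hypothetical host and Base DN; produce the two inputs with, for example:
  ldapsearch -x -H ldap://dc.corp.example:389 -b "DC=corp,DC=example" "(objectClass=user)" dn > domain.ldif
  ldapsearch -x -H ldap://dc.corp.example:3268 -b "DC=corp,DC=example" "(objectClass=user)" dn > gc.ldif
then run:  python3 gc_vs_domain.py domain.ldif gc.ldif
Without arguments the script runs on the constructed sample LDIF below.
"""
import base64
import re
import sys


def parse_ldif_dns(text):
    """Return the DN of every entry in an LDIF document, in order.

    Handles the two things ldapsearch output needs: folded continuation
    lines (a leading space continues the previous line) and 'dn::' values,
    which are base64-encoded when the DN contains non-ASCII characters.
    """
    unfolded = re.sub(r"\r?\n ", "", text)  # join continuation lines
    dns = []
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):
            dns.append(base64.b64decode(line[5:].strip()).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:].strip())
    return dns


def domain_of(dn):
    """DNS name of the AD domain a DN belongs to, taken from its DC= RDNs.

    'CN=alice,OU=Users,DC=child,DC=corp,DC=example' -> 'child.corp.example'
    Splits only on unescaped commas, so 'CN=Doe\\, John' stays one RDN.
    """
    rdns = re.split(r"(?<!\\),", dn)
    dcs = [r.split("=", 1)[1].strip() for r in rdns
           if r.strip().upper().startswith("DC=")]
    return ".".join(dcs).lower()


def gc_only_entries(domain_ldif, gc_ldif):
    """Map each domain to the DNs the Global Catalog returned that the
    domain-port query did not. Entries listed under a child domain are
    exactly the users a port-389 LDAP server definition never sees."""
    seen_on_domain_port = set(parse_ldif_dns(domain_ldif))
    missing = {}
    for dn in parse_ldif_dns(gc_ldif):
        if dn not in seen_on_domain_port:
            missing.setdefault(domain_of(dn), []).append(dn)
    return missing


# Constructed sample output, shaped like ldapsearch LDIF for base DC=corp,DC=example.
DOMAIN_LDIF = """\
# extended LDIF
# port 389, base <DC=corp,DC=example> with scope subtree
dn: CN=alice,OU=Users,DC=corp,DC=example
dn: CN=bob,OU=Users,DC=corp,DC=example

# search result
search: 2
result: 0 Success
"""

GC_LDIF = """\
# port 3268 (Global Catalog), same base and scope
dn: CN=alice,OU=Users,DC=corp,DC=example
dn: CN=bob,OU=Users,DC=corp,DC=example
dn: CN=carol,OU=Users,DC=child,DC=corp,DC=example
dn: CN=Doe\\, John,OU=Users,DC=child,DC=corp,DC=example
dn: CN=frank,OU=A deliberately long organizational unit name to force foldin
 g,DC=child,DC=corp,DC=example
dn:: %s

# search result
search: 2
result: 0 Success
""" % base64.b64encode("CN=élodie,OU=Users,DC=child,DC=corp,DC=example".encode("utf-8")).decode("ascii")


def main(argv):
    if len(argv) == 3:
        with open(argv[1], encoding="utf-8") as f:
            domain_text = f.read()
        with open(argv[2], encoding="utf-8") as f:
            gc_text = f.read()
    else:
        domain_text, gc_text = DOMAIN_LDIF, GC_LDIF  # demo on the constructed sample
    missing = gc_only_entries(domain_text, gc_text)
    if not missing:
        print("Both ports returned the same entries.")
    for domain, dns in sorted(missing.items()):
        print(f"{domain}: {len(dns)} entries only the Global Catalog returned")
        for dn in dns:
            print("  " + dn)


if __name__ == "__main__":
    main(sys.argv)
```

On the constructed sample the script reports four entries under child.corp.example that the port-389 query never returned, which is the situation the Cause section describes. Two caveats when reading real output: the Global Catalog holds only a partial attribute set for objects from other domains, so compare DNs rather than full attribute lists, and port 3268 carries the same unencrypted LDAP as 389 (the Global Catalog over TLS uses 3269).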