Guest Introspection driver (vnetWFP) with VMware Tools 12.0 out of box will not intercept ICMP network traffic
Article ID: 313795
Updated On:
Products
VMware vSphere ESXi
VMware Desktop Hypervisor
Issue/Introduction
Symptoms: After upgrading VMware Tools to 12.x, NSX IDFW rules configured for ICMP may not work on guest virtual machines running VMware Tools 12.x unless the ICMP registry settings are explicitly enabled.
Environment
VMware Tools 12.x
Cause
Starting with VMware Tools 12.0, the Guest Introspection driver (required for NSX IDFW) does not intercept ICMP network traffic by default.
Because of an intermittent packet drop issue seen when using the Microsoft WFP packet injection API, ICMP packet interception has been disabled by default in VMware Tools 12.x.
Create the following DWORD value under the newly created parameters key:
Note: Ensure that Hexadecimal is selected when entering these values. The ‘0x’ prefix denotes hexadecimal; do not type ‘0x’ when adding the values in the registry. Selecting Hexadecimal is enough.
Possible values for ksam_otorp:
0x400 - To enable filtering of UDP messages, disable ICMP
0x800 - To enable filtering of ICMP messages, disable UDP
0xC00 - To enable filtering of ICMP and UDP messages
0x0 - To disable filtering of both ICMP and UDP messages
Note: TCP filtering is always enabled and cannot be controlled by registry settings.
With VMware Tools 12.x, the key can be deleted to get the default behavior (i.e. only ICMP protocol disabled).
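An audit check for the setting described above, as an added example that is not VMware's code: it reports which protocols the driver will intercept for a given ksam_otorp value, including the case where the value is absent. It assumes the four listed values are two bit flags (0x400 for UDP, 0x800 for ICMP); the function names are hypothetical, and the registry key path is not given on this page, so it is a parameter the operator must supply.

```powershell
# Added example, not VMware code. Assumption: the article's four values are two bit flags.
$UdpBit  = 0x400   # UDP filtering
$IcmpBit = 0x800   # ICMP filtering

function ConvertTo-InterceptionState {
    param([AllowNull()][object]$Mask)   # $null means the registry value is absent
    if ($null -eq $Mask) {
        # Tools 12.x default per the article: only ICMP is disabled.
        $m = [int64]$UdpBit
        $source = 'default (value absent)'
    } else {
        $m = [int64]$Mask
        $source = 'registry'
    }
    [pscustomobject]@{
        Source      = $source
        Mask        = '0x{0:X}' -f $m
        TCP         = $true   # always filtered, not controlled by the registry
        UDP         = [bool]($m -band $UdpBit)
        ICMP        = [bool]($m -band $IcmpBit)   # $false means ICMP IDFW rules may not work
        UnknownBits = '0x{0:X}' -f ($m -band (-bnot ($UdpBit -bor $IcmpBit)))
    }
}

function Get-InterceptionState {
    param(
        [Parameter(Mandatory)][string]$KeyPath,   # placeholder: path is not given on this page
        [string]$ValueName = 'ksam_otorp'
    )
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $mask = if ($null -ne $item) { $item.$ValueName } else { $null }
    ConvertTo-InterceptionState -Mask $mask
}

# Constructed samples: the four values from the article, the absent case, and a stray bit.
$samples = @(0x0, 0x400, 0x800, 0xC00, $null, 0x801)
$rows = foreach ($s in $samples) { ConvertTo-InterceptionState -Mask $s }
$rows | Format-Table -AutoSize
```

On a guest, call Get-InterceptionState with the parameters key path from the vendor documentation; a row with ICMP False on a VM that has ICMP IDFW rules is the condition this article describes.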