Edge VM is not automatically excluded from DFW
search cancel

Edge VM is not automatically excluded from DFW

book

Article ID: 315186

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
Edge VMs whose network interfaces are edited, and updated to use NSX logical segments have DFW rules and filters applied.

Environment

VMware NSX-T Data Center
VMware NSX-T Data Center 2.x

Cause

On network edit, additional operations to exclude edge connected segment ports from DFW are not executed.
Thus, Edge VMs are not excluded from DFW, and filters are applied on logical segment ports consumed by the Edge.

Resolution

This issue is resolved in VMware NSX-T Data Center 2.5.2 and 3.0, available at VMware Downloads.


Workaround:
On the edge VM whose network interface has been edited, log in to CLI and issue command 'systemctl restart nsx-opsagent-appliance.service'
The next attempt when Edge connects to the Manager, will add logical ports to the DFW exclude list will work as expected.

Additional Information

Impact/Risks:
This impacts traffic flow.

Product versions affected:- All until 2.5.1