Virtual machines lose their DFW rules when vMotioned from an NSX-V prepared cluster to an NSX-T prepared cluster
Article ID: 317174
Updated On:
Products
VMware NSX
Issue/Introduction
The purpose of this KB is to acknowledge an issue with NSX-T.
- DFW rules do not work after a VM is vMotioned from an NSX-V prepared host to an NSX-T prepared host.
- Powering down the VM before moving to NSX-T applies the DFW properly.
- After moving the VM to NSX-T, edit the VM's network to attach it to a non-NSX network, then move it to an NSX network, the rules will be applied properly.
- NSX-T is installed in "Security Only" mode.
Environment
VMware NSX-T
Cause
- Performing a vMotion from an NSX-V prepared host or DVS to an NSX-T prepared host or DVS is not supported. The loss of DFW rules is expected behavior.
Resolution
- No resolution at this time.
- The procedure should be supported in a future version.
Workaround:
- Power down the VM before moving to NSX-T applies the DFW properly.
- Move the VM to NSX-T, edit the VM's network to attach it to a non-NSX network, then move it to an NSX network, the rules will be applied properly.
Additional Information
Impact/Risks:
The VM's networking will work but DFW rules will not be applied, potentially opening the virtual machine to security issues.
The VM's networking will work but DFW rules will not be applied, potentially opening the virtual machine to security issues.
Feedback
Yes
No
Powered by
