Virtual machines lose their DFW rules when vMotioned from an NSX-V prepared cluster to an NSX-T prepared cluster
search cancel

Virtual machines lose their DFW rules when vMotioned from an NSX-V prepared cluster to an NSX-T prepared cluster

book

Article ID: 317174

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

The purpose of this KB is to acknowledge an issue with NSX-T.

Symptoms:
DFW rules do not work after a VM is vMotioned from an NSX-V prepared host to an NSX-T prepared host.
Powering down the VM before moving to NSX-T applies the DFW properly.
After moving the VM to NSX-T, edit the VM's network to attach it to a non-NSX network, then move it to an NSX network, the rules will be applied properly.
NSX-T is installed in "Security Only" mode.

Environment

VMware NSX-T

Cause

Performing a vMotion from an NSX-V prepared host or DVS to an NSX-T prepared host or DVS is not supported. The loss of DFW rules is expected behavior.

Resolution

No resolution at this time.
The procedure should be supported in a future version.

Workaround:
Power down the VM before moving to NSX-T applies the DFW properly.
Move the VM to NSX-T, edit the VM's network to attach it to a non-NSX network, then move it to an NSX network, the rules will be applied properly.

Additional Information

Impact/Risks:
The VM's networking will work but DFW rules will not be applied, potentially opening the virtual machine to security issues.

Powered by Wolken Software