Disabling SMB-v1 breaks IDFW log scraping

Article ID: 320966

Products

VMware NSX

Issue/Introduction

Symptoms:
  • SMB-v1 is vulnerable to the WannaCry attack, but disabling SMB-v1 causes the IDFW log scraper to fail.
  • Consequently, the IDFW feature will not work if you are not using Guest Introspection.


Cause

NSX for vSphere uses a third-party library called “JCIFS” for the underlying communication between NSX and the AD server.

“JCIFS” supports only SMB-v1, so if SMB-v1 is disabled on the AD server, NSX will stop communicating with the AD server. Consequently, the IDFW feature will stop working if you do not install Guest Introspection.

Resolution

To resolve this issue if you are not comfortable using SMB-v1, use Guest Introspection.

This is the only alternative to SMB-v1.
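Before disabling SMB-v1 on the AD server, you can check whether NSX is still among its SMB-v1 clients. The following PowerShell is an added example, not part of the original article or of NSX. It assumes a Windows Server version that supports SMB-v1 access auditing, that the audit event text contains a "Client Address:" field, and a placeholder NSX Manager address; `Get-Smb1ClientSummary` is a hypothetical helper name.

```powershell
# Added example: run in an elevated PowerShell session on the AD server.
# Placeholder value (documentation address range); replace with your NSX Manager IP.
$NsxManagerIp = '192.0.2.10'

# Hypothetical helper: counts SMB-v1 connections per client from audit event text.
# Assumption: each event message contains a line "Client Address: <ip-or-name>".
function Get-Smb1ClientSummary {
    param([string[]]$Messages)
    $Messages |
        ForEach-Object { if ($_ -match 'Client Address:\s*(\S+)') { $Matches[1] } } |
        Group-Object |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Client'; e = { $_.Name } }, Count
}

# 1. Report the current SMB-v1 server state and whether auditing is on.
$cfg = Get-SmbServerConfiguration
"SMB-v1 enabled: $($cfg.EnableSMB1Protocol)  SMB-v1 auditing: $($cfg.AuditSmb1Access)"

# 2. Turn on SMB-v1 access auditing if needed. This only logs; it blocks nothing.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    'Auditing enabled. Let it collect for a full log scraper cycle, then re-run.'
}

# 3. Summarize SMB-v1 clients recorded so far (event ID 3000 in the SMBServer audit log).
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'
    Id      = 3000
} -ErrorAction SilentlyContinue

$summary = @(Get-Smb1ClientSummary -Messages @($events | ForEach-Object { $_.Message }))
$summary | Format-Table -AutoSize

# 4. Flag the NSX dependency described in this article.
if ($summary.Client -contains $NsxManagerIp) {
    "NSX Manager ($NsxManagerIp) is using SMB-v1: move IDFW to Guest Introspection before disabling SMB-v1."
} else {
    "No SMB-v1 access from $NsxManagerIp in the audit log yet."
}
```

An empty result only means no SMB-v1 access has been logged since auditing was enabled, so allow enough time for the log scraper to run before concluding that NSX does not depend on it.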