VMware NSX IDPS rules not supported on VMware NSX load balancer
Article ID: 322431
Products
VMware NSX
Issue/Introduction
You are using VMware NSX IDPS.
You have a VMware NSX load balancer deployed.
You have applied IDPS rules in Detect Only or Detect and Prevent mode under IDS/IPS & Malware Prevention - Gateway Rules - Gateway Specific Rules - <Tier 1 Logical Router>.
There are IDPS rules applied to a VMware NSX Tier 1 Logical Router.
This VMware NSX Tier 1 Logical Router has a VMware NSX load balancer configured on it.
SSH and SCP traffic destined to the VMware NSX load balancer VIP does not work.
When the IDPS rule applied to the VMware NSX Tier 1 is disabled, SSH and SCP traffic flows again.
Environment
VMware NSX-T
Resolution
Configuring IDPS in either Detect Only or Detect and Enforce mode on a VMware NSX Tier 1 logical router configured with a VMware NSX load balancer is not a supported configuration. Do not apply IDPS rules to a VMware NSX Tier 1 logical router that has a VMware NSX load balancer configured.