NSX-T Firewall rules are not applied to physical device login/logout events using LogInsight events
Article ID: 322469

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • You are using NSX-T IDFW (Identity Firewall).
  • You are running NSX-T 3.2.x and using LogInsight to register the login/logout events from physical devices.
  • The AD (Active Directory) username may start with an upper case letter while the remainder is lowercase.
  • The AD user login/logout events are not seen in the Active IDFW Sessions tab of the NSX-T UI.
  • Firewall rules are not applied correctly to these sessions.
  • The login/logout events are correctly seen in LogInsight.
  • In the NSX-T Manager logs, syslog and nsxapi show the events received from LogInsight:
2022-05-12T08:53:01.509Z  INFO http-nio-127.0.0.1-7440-exec-48 PolicyIdentityFacadeImpl 13474 FIREWALL [nsx@6876 comp="nsx-manager" level="INFO" reqId="4d66c423-fd15-450f-8b2f-6e441441ffff" subcomp="manager" username="admin"] Received response for /api/v1/idfw/user-session-data as IdfwUserSessionDataAndMappingsDto{activeUserSessions='..........
IdfwUserSessionDataDto{id='ffccddvv-467c-46b4-a675-aa1227babe58', domainName='CORP', userName='username', userId='88779900-4a2f-42d9-b4ae-8cad2f9ef3ec', vmExtId='', userSessionId='-444822456', loginTime='1652345418586', logoutTime='1652345421706', sessionSource='ELS'}........


Environment

VMware NSX-T Data Center

Cause

AD usernames are case insensitive, but the IDFW logic that matches them is case sensitive.

Resolution

This is a known issue affecting NSX-T Data Center.

Workaround:
If you use LogInsight to scrape these events, ensure AD users log in with exactly the same letter case as their username is stored in AD.
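As an added check, not part of this article or of NSX-T itself, the following Python script parses IdfwUserSessionDataDto records in the format shown in the nsxapi log above and reports user names that AD accepts case-insensitively but an exact, case-sensitive comparison rejects. The sample log text and the AD_DIRECTORY map are constructed for the example.

```python
import re

# Constructed sample nsxapi log fragment in the IdfwUserSessionDataDto format the
# article shows; the ids and names are made up rather than taken from a real system.
SAMPLE_LOG = (
    "IdfwUserSessionDataDto{id='11111111-0000-0000-0000-000000000001', domainName='CORP', "
    "userName='jsmith', userId='22222222-0000-0000-0000-000000000001', vmExtId='', "
    "userSessionId='-444822456', loginTime='1652345418586', logoutTime='1652345421706', "
    "sessionSource='ELS'}, "
    "IdfwUserSessionDataDto{id='11111111-0000-0000-0000-000000000002', domainName='CORP', "
    "userName='Adoe', userId='22222222-0000-0000-0000-000000000002', vmExtId='', "
    "userSessionId='-444822457', loginTime='1652345418600', logoutTime='', "
    "sessionSource='ELS'}"
)
# Constructed stand-in for usernames exactly as stored in AD (domain -> sAMAccountNames).
AD_DIRECTORY = {"CORP": {"Jsmith", "Adoe"}}

DTO_RE = re.compile(r"IdfwUserSessionDataDto\{([^}]*)\}")
FIELD_RE = re.compile(r"(\w+)='([^']*)'")


def parse_sessions(log_text):
    """Return one dict per IdfwUserSessionDataDto record found in the log text."""
    return [dict(FIELD_RE.findall(body)) for body in DTO_RE.findall(log_text)]


def lookup_exact(domain, user_name, directory=AD_DIRECTORY):
    """Case-sensitive lookup: the behaviour the article attributes to IDFW."""
    return user_name if user_name in directory.get(domain, set()) else None


def lookup_case_insensitive(domain, user_name, directory=AD_DIRECTORY):
    """Case-insensitive lookup: how AD itself treats the login name."""
    for stored in directory.get(domain, set()):
        if stored.lower() == user_name.lower():
            return stored
    return None


def find_case_mismatches(log_text, directory=AD_DIRECTORY):
    """(logged name, AD name) pairs that AD accepts but an exact match rejects;
    these are the sessions expected to be missing from Active IDFW Sessions."""
    mismatches = []
    for s in parse_sessions(log_text):
        exact = lookup_exact(s["domainName"], s["userName"], directory)
        stored = lookup_case_insensitive(s["domainName"], s["userName"], directory)
        if exact is None and stored is not None:
            mismatches.append((s["userName"], stored))
    return mismatches
```

Calling find_case_mismatches(SAMPLE_LOG) returns [('jsmith', 'Jsmith')]: the session for the user who typed a lowercase name is the one the exact match loses, while 'Adoe' matches under both comparisons.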