NSX-T Data Center System group 'SystemVM_NSGroup' is not selected as an excluded group on the DFW exclusion list

Article ID: 322541

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • Running NSX-T 3.2.2.
  • In the UI the 'SystemVM_NSGroup' appears unselected under the DFW exclusion list 'User excluded groups' tab, suggesting it is not excluded from the DFW rules.
  • Selecting the 'SystemVM_NSGroup' and saving the configuration does not work; the group remains unselected.

Environment

VMware NSX-T Data Center

Cause

This issue occurs because the System group 'SystemVM_NSGroup' is incorrectly displayed in the User Excluded Groups section.

Resolution

 


Workaround:

There is no workaround to rectify the UI display issue.
To verify that 'SystemVM_NSGroup' is in the DFW exclusion list, use the following API calls.

1. Determine 'SystemVM_NSGroup' UUID:

GET /policy/api/v1/infra/domains/default/groups

{
  "expression": [],
  "extended_expression": [],
  "reference": false,
  "resource_type": "Group",
  "id": "7e8d14d0-ae7a-4bf2-b3e2-74a8c2d92347",
  "display_name": "SystemVM_NSGroup",
  "description": "System VMs are added to DFW exclude list via SystemVM_NSGroup",
  "path": "/infra/domains/default/groups/7e8d14d0-ae7a-4bf2-b3e2-74a8c2d92347",
  "relative_path": "7e8d14d0-ae7a-4bf2-b3e2-74a8c2d92347",
  "parent_path": "/infra/domains/default",
  "unique_id": "7e778c2a-a372-4347-8aae-407486125ea2",
  "realization_id": "7e778c2a-a372-4347-8aae-407486125ea2",
  "marked_for_delete": false,
  "overridden": false,
  "_create_time": 1688649262937,
  "_create_user": "system",
  "_last_modified_time": 1688649262937,
  "_last_modified_user": "system",
  "_system_owned": true,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}

2. Verify the 'SystemVM_NSGroup' UUID is seen on the exclude list:

GET /policy/api/v1/infra/settings/firewall/security/exclude-list?system_owned=true

{
  "members": [
    "/infra/domains/default/groups/a8b7ddce-a5d6-11e8-a7e5-43344e310957",
    "/infra/domains/default/groups/7e8d14d0-ae7a-4bf2-b3e2-74a8c2d92347" (SystemVM_NSGroup)
  ],
  "resource_type": "PolicyExcludeList",
  "id": "exclude-list",
  "display_name": "exclude-list",
  "path": "/infra/settings/firewall/security/exclude-list",
  "relative_path": "exclude-list",
  "parent_path": "/infra",
  "unique_id": "624be055-e10e-4738-a524-c7315e1cecb0",
  "realization_id": "624be055-e10e-4738-a524-c7315e1cecb0",
  "marked_for_delete": false,
  "overridden": false,
  "_create_time": 1688649220691,
  "_create_user": "system",
  "_last_modified_time": 1688649263635,
  "_last_modified_user": "system",
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 2
}
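
The two checks above can be scripted so the exclusion is confirmed from the API rather than the UI. This is an added example, not VMware's code: the function names, the basic-auth helper and the sample data (trimmed from the outputs above) are assumptions, and it assumes the group listing fits in one page of results.

```python
import base64
import json
import ssl
import urllib.request

GROUPS_URI = "/policy/api/v1/infra/domains/default/groups"
EXCLUDE_URI = ("/policy/api/v1/infra/settings/firewall/security/"
               "exclude-list?system_owned=true")
SYSTEM_VM_PATH = "/infra/domains/default/groups/7e8d14d0-ae7a-4bf2-b3e2-74a8c2d92347"

def nsx_get(manager, uri, user, password, cafile=None):
    """GET a Policy API URI with basic auth (assumed); TLS is verified."""
    req = urllib.request.Request(f"https://{manager}{uri}")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)

def group_paths(groups_response, display_name="SystemVM_NSGroup"):
    """Step 1: policy paths of every live group with this display name."""
    # A list call wraps groups in "results"; also accept one bare Group object.
    groups = groups_response.get("results", [groups_response])
    return [g["path"] for g in groups
            if g.get("display_name") == display_name
            and not g.get("marked_for_delete", False)]

def check_excluded(groups_response, exclude_list,
                   display_name="SystemVM_NSGroup"):
    """Step 2: map each matching group path to True if it is a member."""
    members = set(exclude_list.get("members", []))
    return {p: p in members
            for p in group_paths(groups_response, display_name)}

# Constructed sample responses, trimmed from the outputs shown above.
SAMPLE_GROUPS = {"results": [{
    "display_name": "SystemVM_NSGroup", "path": SYSTEM_VM_PATH,
    "marked_for_delete": False, "_system_owned": True}]}
SAMPLE_EXCLUDE = {"members": [
    "/infra/domains/default/groups/a8b7ddce-a5d6-11e8-a7e5-43344e310957",
    SYSTEM_VM_PATH]}

if __name__ == "__main__":
    # Live use (hypothetical host and credentials):
    #   groups = nsx_get("nsx.example.com", GROUPS_URI, "audit", "...")
    #   excl = nsx_get("nsx.example.com", EXCLUDE_URI, "audit", "...")
    print(check_excluded(SAMPLE_GROUPS, SAMPLE_EXCLUDE))
```

An empty result means no group with that display name was found; a `False` value means the group exists but its path is not in the exclude list.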