IDFW not functioning as expected when using Tools for login detection
Article ID: 324222


Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • NSX-T Data Center
  • IDFW is configured
  • VMware Tools Guest Introspection is used for login detection
  • AD user logins are detected correctly, and in the UI the AD Group shows the VM as a member
  • IDFW rules using this AD Group are not matched as expected; a default Allow or Drop rule may be hit instead
  • The guest VM has third-party security software installed


Environment

VMware NSX-T Data Center
VMware NSX-T Data Center 3.x

Cause

When third-party network security software runs on a virtual machine as a system service, it can cause the VM's network connections to be originated in the system context instead of the logged-in user's context. Because IDFW identifies traffic by the user who owns the connection, it cannot apply user-specific rules to those connections, and a generic rule is matched instead.
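To confirm whether this is happening inside a Windows guest, the following PowerShell snippet (an added example, not part of the VMware KB article) lists established TCP connections together with the owning process and the account it runs as. It assumes Windows 8 / Server 2012 or later (for the NetTCPIP module) and an elevated shell.

```powershell
# Added example (not from the VMware KB): show which account each established
# TCP connection belongs to, so traffic originated by a service running as
# NT AUTHORITY\SYSTEM can be told apart from traffic owned by the logged-in user.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.

# Build a PID -> "DOMAIN\user" map from the process owners.
$procOwner = @{}
foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    if ($owner -and $owner.ReturnValue -eq 0) {
        $procOwner[[int]$p.ProcessId] = "$($owner.Domain)\$($owner.User)"
    } else {
        # PID 0/4 and protected processes do not return an owner.
        $procOwner[[int]$p.ProcessId] = '<unknown>'
    }
}

# Join each established connection to its owning process and that process's account.
Get-NetTCPConnection -State Established |
    ForEach-Object {
        $ownerPid = [int]$_.OwningProcess
        [pscustomobject]@{
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            PID           = $ownerPid
            Process       = (Get-Process -Id $ownerPid -ErrorAction SilentlyContinue).ProcessName
            RunsAs        = $procOwner[$ownerPid]
        }
    } |
    Sort-Object RunsAs, Process, RemoteAddress |
    Format-Table -AutoSize
```

If the user's applications only show connections to 127.0.0.1 while the connections to remote hosts are owned by the security product's service under NT AUTHORITY\SYSTEM, the guest is exhibiting the behaviour described in the Cause section, and IDFW cannot attribute that traffic to the AD user.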

Resolution

This issue is not present on NSX-T Data Center 3.2.0 and later in combination with VMware Tools 11.2.5 and later.

Workaround:
To work around the issue, uninstall the third-party software from the guest VM.

Alternatively, from NSX-T 3.2 onward, use the Event Server log scraper for login detection instead of Guest Introspection via VMware Tools.