NSX-T NAT port reverted issue

Article ID: 324395


Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • NSX-T Data Center 3.x
  • The issue occurs when a DNAT rule is created through either the NSX-T web interface or the NSX-T API.
  • In an NSX-T environment, a port scanning tool can return an abnormal list of open ports on the DNAT Translated IPs. This is a direct consequence of this issue when the Translated Port is set to "Any".
  • In both scenarios, the Port (Service) and the Translated Port will be reverted on the Dataplane.

Environment

VMware NSX-T Data Center 3.x
VMware NSX-T Data Center

Cause

When the NAT rule is converted from NSX-T Policy to NSX-T Manager components, the Translated Port and matched Port are reverted.

Resolution

This is a known issue affecting NSX-T Data Center 3.1.x. There is currently no resolution.

Workaround:
To work around this behavior, configure the Translated Port (set to "Any" by default) with the same port as the "Service" (matching port).
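
The following added example (not VMware code) audits exported DNAT rules and flags those that do not follow the workaround, that is, rules whose Translated Port is left at "Any" or differs from the Service port. The field names (`action`, `service`, `translated_ports`, `service_entries`, `destination_ports`) are assumptions modeled on NSX-T Policy API objects, and the rule and service data are constructed samples; adjust both to match your own export.

```python
# Constructed sample data; field names are assumed to match Policy API exports.
SERVICES = {
    "/infra/services/HTTPS": {"service_entries": [
        {"resource_type": "L4PortSetServiceEntry", "l4_protocol": "TCP",
         "destination_ports": ["443"]}]},
    "/infra/services/SSH": {"service_entries": [
        {"resource_type": "L4PortSetServiceEntry", "l4_protocol": "TCP",
         "destination_ports": ["22"]}]},
}
NAT_RULES = [
    {"id": "web-dnat", "action": "DNAT", "service": "/infra/services/HTTPS",
     "translated_network": "10.0.0.10", "translated_ports": "443"},
    # Translated Port left at its default ("Any"): the field is absent.
    {"id": "ssh-dnat", "action": "DNAT", "service": "/infra/services/SSH",
     "translated_network": "10.0.0.20"},
    {"id": "alt-dnat", "action": "DNAT", "service": "/infra/services/HTTPS",
     "translated_network": "10.0.0.30", "translated_ports": "8443"},
    {"id": "out-snat", "action": "SNAT", "translated_network": "198.51.100.5"},
]

def service_ports(service):
    """Collect the destination ports a service object matches on."""
    ports = set()
    for entry in service.get("service_entries", []):
        if entry.get("resource_type") == "L4PortSetServiceEntry":
            ports.update(entry.get("destination_ports", []))
    return ports

def audit_dnat_rules(rules, services):
    """Return (rule id, reason) for DNAT rules not following the workaround."""
    findings = []
    for rule in rules:
        # Only DNAT rules that match on a Service are in scope.
        if rule.get("action") != "DNAT" or not rule.get("service"):
            continue
        matched = service_ports(services.get(rule["service"], {}))
        translated = (rule.get("translated_ports") or "").strip()
        if not translated or translated.lower() == "any":
            findings.append((rule["id"], "Translated Port is Any"))
        elif {translated} != matched:
            findings.append((rule["id"],
                             f"Translated Port {translated} != Service {sorted(matched)}"))
    return findings

if __name__ == "__main__":
    for rule_id, reason in audit_dnat_rules(NAT_RULES, SERVICES):
        print(f"{rule_id}: {reason}")
```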

Additional Information

The issue described in the existing VMware knowledge article https://kb.vmware.com/s/article/79428?lang=en_US is also present in NSX-T 3.1.x.