IDPS signature Download via Proxy in a Federated Site not working

Article ID: 345919

Products

VMware vDefend Firewall

Issue/Introduction

The purpose of this article is to provide awareness of a known issue.

Symptoms:

  • Signatures cannot be updated. The latest update is not visible in the NSX UI.
  • Two exceptions can be seen on the impacted version in the following log:

/var/log/policy/policy.log

Exception 1: 

2022-01-06T07:24:18.152Z INFO http-nio-127.0.0.1-6440-exec-111 PolicyIDSFacadeImpl 6920 POLICY [nsx@6876 comp="nsx-manager" level="INFO" reqId="273c52e3-####-####-####-e0a8b8b120db" subcomp="policy" username="admin"] IDS - Got the request to trigger Signature download

2022-01-06T07:24:18.152Z INFO asyncExecutor-3 IdsSignatureUtils 6920 POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] IDS - Starting Signature update process

2022-01-06T07:24:18.153Z INFO asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="INFO" subcomp="policy"] IDS - Triggering the Signature download from NSX Intel Cloud

2022-01-06T07:24:18.153Z INFO asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="INFO" subcomp="policy"] IDS- cloud registration is not yet done.

2022-01-06T07:24:18.153Z INFO asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="INFO" subcomp="policy"] IDS: Getting the license info

2022-01-06T07:24:18.153Z WARN asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="WARNING" subcomp="policy"] No Enforcement point found

2022-01-06T07:24:18.153Z ERROR asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"errorCode="MP523681" level="ERROR" subcomp="policy"] NSX Data Center Distributed Threat Prevention key not present. IDS need Threat License Key in order to work.

2022-01-06T07:24:18.153Z ERROR asyncExecutor-3 SimpleAsyncUncaughtExceptionHandler 6920 Unexpected exception occurred invoking async method: public void com.vmware.nsx.management.policy.ids.utils.IDSOnDemandScheduler.startDownload()


Exception 2: 

2022-03-03T14:27:50.147Z ERROR asyncExecutor-1 PolicyIDSUtils 15460 POLICY [nsx@6876 comp="nsx-manager" errorCode="MP523675" level="ERROR" subcomp="policy"] Got Exception while registering With NSX cloud client - org.springframework.web.client.ResourceAccessException: I/O error on POST request for " https://api.prod.nsxti.vmware.com/1.0/auth/register": api.prod.nsxti.vmware.com; nested exception is java.net.UnknownHostException: api.prod.nsxti.example.com

org.springframework.web.client.ResourceAccessException: I/O error on POST request for " https://api.prod.nsxti.vmware.com/1.0/auth/register": api.prod.nsxti.vmware.com; nested exception is java.net.UnknownHostException: api.prod.nsxti.example.com
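
One way to check a policy.log for the two patterns above, as an added example that is not VMware code: it parses each entry and reports Exception 1 (the enforcement-point warning followed by MP523681 on the same thread) and Exception 2 (MP523675 with UnknownHostException). The function name, the same-thread pairing rule and the sample lines are assumptions constructed for this example.

```python
import re

# policy.log entry: timestamp, level, thread, class, pid, POLICY, [nsx@6876 ...], message
ENTRY = re.compile(
    r'^(?P<ts>\S+Z) (?P<level>[A-Z]+) (?P<thread>\S+) \S+ \d+ POLICY '
    r'\[nsx@6876(?P<sd>[^\]]*)\] ?(?P<msg>.*)$')
ERROR_CODE = re.compile(r'errorCode="(MP\d+)"')

def triage(lines):
    """Return (timestamp, pattern) pairs for the two failure patterns shown above."""
    findings = []
    warned = set()  # threads that logged "No Enforcement point found"
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # stack-trace continuation or unrelated text
        found = ERROR_CODE.search(m['sd'])
        code = found.group(1) if found else None
        if m['level'] == 'WARN' and 'No Enforcement point found' in m['msg']:
            warned.add(m['thread'])
        elif code == 'MP523681' and m['thread'] in warned:
            # Assumption of this example: the license error counts as Exception 1
            # only when the same thread first failed to find an enforcement point.
            findings.append((m['ts'], 'exception-1'))
            warned.discard(m['thread'])
        elif code == 'MP523675' and 'UnknownHostException' in m['msg']:
            findings.append((m['ts'], 'exception-2'))
    return findings

# Constructed sample lines modelled on the excerpts above (messages shortened).
SAMPLE = [
    '2022-01-06T07:24:18.153Z WARN asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"level="WARNING" subcomp="policy"] No Enforcement point found',
    '2022-01-06T07:24:18.153Z ERROR asyncExecutor-3 PolicyIDSUtils 6920 POLICY [nsx@6876 comp="nsx-manager"errorCode="MP523681" level="ERROR" subcomp="policy"] NSX Data Center Distributed Threat Prevention key not present.',
    '2022-03-03T14:27:50.147Z ERROR asyncExecutor-1 PolicyIDSUtils 15460 POLICY [nsx@6876 comp="nsx-manager" errorCode="MP523675" level="ERROR" subcomp="policy"] Got Exception while registering With NSX cloud client - nested exception is java.net.UnknownHostException: api.prod.nsxti.example.com',
    'org.springframework.web.client.ResourceAccessException: I/O error on POST request',
    '2022-03-04T09:00:00.000Z ERROR asyncExecutor-7 PolicyIDSUtils 15460 POLICY [nsx@6876 comp="nsx-manager" errorCode="MP523681" level="ERROR" subcomp="policy"] NSX Data Center Distributed Threat Prevention key not present.',
]

if __name__ == '__main__':
    for ts, pattern in triage(SAMPLE):
        print(ts, pattern)
```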

 

Steps to Reproduce the Issue:

  • Federated setup
  • Internet connection for the NSX Manager appliance goes through a proxy
  • Try to download the signatures

Environment

VMware NSX-T Data Center

Cause

In a federated setup there are multiple enforcement points. The code in the impacted version is not able to determine the correct enforcement point, which leads to this issue.

Resolution

  • The issue is fixed in 3.1.3.7 and in 3.2.X onwards.
  • The issue is also fixed in the HP 3.1.2.0.2916417 (contact VMware Technical Support for details).


Workaround:

  • Offline signature download can be used as a workaround.

Additional Information

Impact/Risks:
The latest signatures for IDPS cannot be updated.