Edge nodes fail to download URL database and are shown as Down in Connection Status
Article ID: 386683
Updated On:
Products
VMware NSX
VMware vDefend Firewall
Issue/Introduction
Edge nodes in URL Database (i.e. In UI, "Security"->"General Settings"->"URL Database") are shown as down. The "Last Synced" time is not up to date.
Environment
VMWare NSX version 3.0 or above. URL Filtering is enable on edge clusters
Resolution
Go to https://ports.broadcom.com/home/vSphere+NSX and enter "url" in search, as shown below:
Based on NSX versions, create firewall rules to allow traffic for URL database download
| NSX Version | Source | Destination | Protocol | Ports |
| 3.0 to 3.2 | management IP address of Edge Nodes | api.nsx-sec-prod.com *.storage.googleapis.com |
TCP | 443 |
| 4.0 or later | management IP address of Edge Nodes | *.prod.nsxti.vmware.com | TCP | 443 |
Create firewall rules to allow the following TCP tuples as well:
| NSX Version | Source | Destination | Protocol | Ports |
| 3.0 or later | management IP address of Edge Nodes | ord36s04-in-f110.1e100.net (IPv4) iad30s10-in-x0e.1e100.net (IPv6) |
TCP | 80 |
Feedback
Yes
No
Powered by
