• In certain scenarios when reviewing Identity Firewall (IDFW) logs on an NSX environment, the client ip: field may appear blank.
• In the IDFW logs (/var/log/nsx-opsagent.log on ESXi hosts), entries related to the session dump may show a blank client IP address.

2024-03-14T10:38:37.392Z nsx-opsagent[531333]: NSX 531333 - [nsx@6876 comp="nsx-esx" subcomp="opsagent" s2comp="ctxteng" tid="531419" level="INFO"] Context: Session dump - vcUuid: ########-####-####-############, dfwKey: S-#-#-##-###########-######, sid: S-#-#-##-###########-######, uid: -1, type: SESSION_TYPE_CONNECT, user name: <some User>, domain name: <some domain>, session id: 2, client ip:, ip version: 0, timestamp: ###########, group count: ##, group hash: #

VMware NSX with Identity Firewall (IDFW) enabled.

• Expected Behavior in console-based sessions.
• If true client IP tracking is required:
• Use direct RDP sessions instead of console proxies.