Users disappear from "Active IDFW Users Sessions" list in NSX UI

Article ID: 404523

Updated On:

Products

VMware vDefend Firewall
VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

This KB applies specifically to Guest Introspection (GI) based IDFW. IDFW via Event Log Scraping (ELS) behaves differently. 

  • You may notice that some user sessions disappear from the "Active IDFW Users Sessions" list in the NSX UI. These are users who originally appeared in the list and never logged off.

    To view active Identity Firewall (IDFW) user sessions, navigate to Security > Overview > Configuration in the NSX Manager UI, locate the "Identity Firewall User Sessions" section at the bottom, and click 'Active User Sessions'.



  • The VM and IP for these users are also no longer in the effective members list of the AD-based NSX groups:


    *The above screenshot doesn't depict it clearly, but the user's VM and IP are missing from the NSX group.

Environment

VMware NSX - all versions

Cause

  • The UI has an 8-hour timeout for IDFW user sessions. If a user logs off and logs back on, the session will appear again in the UI.
  • This does NOT impact the functionality of IDFW. IDFW rules for those users will continue to work. 

Resolution

  • No steps need to be taken to resolve this issue, as IDFW will still function for user sessions that time out in the UI.
  • If a user logs off and logs back on, the session will appear again in the UI.

 

NOTE: If a user logs in and the session never appears in the UI, this is a different issue and requires troubleshooting. See Steps to troubleshooting GI (Guest Introspection) based IDFW (Identity based Firewall).