Decommissioning of The Australia cloud region for the vDefend ATP Malware Prevention

Products

VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

The Malware Prevention Service that is part of vDefend ATP relies on a cloud service for performing malware analysis and detection. Additionally, the Network Detection and Response feature on NAPP versions before 4.2 also rely on this same cloud service. This cloud service is offered in a number of different regions; When the user installs the feature, they can select the preferred cloud region among those available. One of these regions, "Australia 1", is being decommissioned in October 2025.

Environment

SSP 5.0, NAPP>=4.1.2

Cause

The "Australia 1" region is being decommissioned in October 2025, and no longer offers cloud services for vDefend ATP.

Resolution

For new installations of the Malware Prevention feature on vDefend ATP, users will chose among the available cloud regions, which no longer include "Australia 1".

On SSP 5.0

For existing deployments of the Malware Prevention feature, if the installation is using the "Australia 1" region, then the below steps are needed for continued functionality.
To verify which cloud region is being used, users can visit the URL https://<SSP>/api/v1/lastline-cloud-connector-proxy/local_status/status.json. If the json response includes the domain nsx.southeast.au.lastline.com, then the installation is relying on the "Australia 1" region, and the below work-around needs to be applied for continued functionality.
To change the cloud region used by the installation, users will need to delete the Malware Prevention feature, and then activate it again.
For documentation on deleting the feature, refer to Delete Malware Prevention Service.
Once deletion is completed, the feature can be activated again. For documentation on activating the feature, refer to Activate Malware Prevention Service.
During the feature activation workflow, user will be asked to select a cloud region among the available ones, which do not include "Australia 1". Select the desired region and proceed with activation.

On NAPP 4.2.x

For existing deployments of the Malware Prevention feature, if the installation is using the "Australia 1" region, then the below steps are needed for continued functionality.
To verify which cloud region is being used, users can visit the URL https://<NSX Manager>/napp/api/v1/lastline-cloud-connector-proxy/local_status/status.json. If the json response includes the domain nsx.southeast.au.lastline.com, then the installation is relying on the "Australia 1" region, and the below work-around needs to be applied for continued functionality.
To change the cloud region used by the installation, users will need to delete the Malware Prevention feature, and then activate it again.
For documentation on deleting the feature, refer to Delete Malware Prevention for vDefend.
Once deletion is completed, the feature can be activated again. For documentation on activating the feature, refer to Activate Malware Prevention for vDefend.
During the feature activation workflow, user will be asked to select a cloud region among the available ones, which do not include "Australia 1". Select the desired region and proceed with activation.

On NAPP 4.1.x

For existing deployments of the Malware Prevention feature and Network Detection and Response feature, if the installation is using the "Australia 1" region, then the below steps are needed for continued functionality.
For this, proceed as in the NAPP 4.2.x case, but making sure to also delete and then re-activate the Network Detection and Response feature:
- Delete Malware Prevention feature. (if activated)
- Delete Network Detection and Response feature. (if activated)
- Activate Malware Prevention and Network Detection and Response features.
During the feature activation workflow, user will be asked to select a cloud region among the available ones, which do not include "Australia 1". Select the desired region and proceed with activation.