https://community.checkpoint.com/t5/Cloud-Firewall/NSX-V-Redirect-issue/m-p/71424#M2637 Hi Javier,<BR /><BR />Can you please run summarize_dvfilter on the esxi server and share the output ?<BR /><BR />Thanks Wed, 01 Jan 2020 06:49:00 GMT Kfir_Bachar 2020-01-01T06:49:00Z https://community.checkpoint.com/t5/Cloud-Firewall/NSX-V-Redirect-issue/m-p/70629#M2636 <P>&nbsp;</P><P>Hi mates,</P><P>&nbsp;</P><P>im working on a small nsx environment, previous to a POC on the production environment, the thing is that i have some issues putting the partner services redirection rules to work. I have some servers in 2 security groups, connected via tos logical switches and a nsx edge gw, but the trafic is only reaching the vmware distribute firewalls not the redirect ones.</P><P>&nbsp;</P><P>I guess im missing some basic config, but the sk is confussing on not complete at least for my understanding, and mixing that with the nsx complexitiy is making me hitting my head against the wall more than what i would like, any config pieces to check ? Has anyone faced any simillar issues ?</P><P>&nbsp;</P><P>Filters on the nsx manager.</P><P>&nbsp;</P><P class="lia-indent-padding-left-30px"><FONT size="1 2 3 4 5 6 7">NSX-Manager&gt; show dfw host host-506 filter nic-77726-eth0-vmware-sfw.2 rules</FONT><BR /><FONT size="1 2 3 4 5 6 7">ruleset domain-c481 {</FONT><BR /><FONT size="1 2 3 4 5 6 7"># generation number: 1576544216814</FONT><BR /><FONT size="1 2 3 4 5 6 7"># realization time : 2019-12-17T00:43:09</FONT><BR /><FONT size="1 2 3 4 5 6 7">rule 1003 at 1 inout protocol ipv6-icmp icmptype 136 from any to any accept;</FONT><BR /><FONT size="1 2 3 4 5 6 7">rule 1003 at 2 inout protocol ipv6-icmp icmptype 135 from any to any accept;</FONT><BR /><FONT size="1 2 3 4 5 6 7">rule 1002 at 3 inout protocol udp from any to any port 67 accept;</FONT><BR /><FONT size="1 2 3 4 5 6 7">rule 1002 at 4 inout protocol udp from any to any port 68 accept;</FONT><BR /><FONT size="1 2 3 4 5 6 7">rule 1001 at 5 inout protocol any from any to any drop;</FONT><BR /><FONT size="1 2 3 4 5 6 7">}</FONT></P><P class="lia-indent-padding-left-30px"><FONT size="1 2 3 4 5 6 7">ruleset domain-c481_L2 {</FONT><BR /><FONT size="1 2 3 4 5 6 7"># generation number: 1576544216814</FONT><BR /><FONT size="1 2 3 4 5 6 7"># realization time : 2019-12-17T00:43:09</FONT><BR /><FONT size="1 2 3 4 5 6 7">rule 1004 at 1 inout ethertype any stateless from any to any accept;</FONT><BR /><FONT size="1 2 3 4 5 6 7">}</FONT></P><P>Filters specific to partner services, punt action as all the vms are under the same ESX,</P><P class="lia-indent-padding-left-30px"><FONT size="1 2 3 4 5 6 7">N</FONT><FONT size="1 2 3 4 5 6 7">SX-Manager&gt; show dfw host host-506 filter nic-77726-eth0-serviceinstance-5.4 rules</FONT><BR /><FONT size="1 2 3 4 5 6 7">ruleset 1745 {</FONT><BR /><FONT size="1 2 3 4 5 6 7"># generation number: 0</FONT><BR /><FONT size="1 2 3 4 5 6 7"># realization time : 2019-12-17T00:43:10</FONT><BR /><FONT size="1 2 3 4 5 6 7">rule 1777 at 1 inout protocol any from addrset ip-securitygroup-19 to any punt with log;</FONT><BR /><FONT size="1 2 3 4 5 6 7">rule 1775 at 2 inout protocol any from any to addrset ip-securitygroup-19 punt with log;</FONT><BR /><FONT size="1 2 3 4 5 6 7">}</FONT></P><P class="lia-indent-padding-left-30px"><FONT size="1 2 3 4 5 6 7">ruleset 1745_L2 {</FONT><BR /><FONT size="1 2 3 4 5 6 7"># generation number: 0</FONT><BR /><FONT size="1 2 3 4 5 6 7"># realization time : 2019-12-17T00:43:10</FONT><BR /><FONT size="1 2 3 4 5 6 7">}</FONT></P><P>Regards</P> Tue, 17 Dec 2019 09:33:37 GMT https://community.checkpoint.com/t5/Cloud-Firewall/NSX-V-Redirect-issue/m-p/70629#M2636 Javier_Sanchez 2019-12-17T09:33:37Z https://community.checkpoint.com/t5/Cloud-Firewall/NSX-V-Redirect-issue/m-p/71424#M2637 Hi Javier,<BR /><BR />Can you please run summarize_dvfilter on the esxi server and share the output ?<BR /><BR />Thanks Wed, 01 Jan 2020 06:49:00 GMT https://community.checkpoint.com/t5/Cloud-Firewall/NSX-V-Redirect-issue/m-p/71424#M2637 Kfir_Bachar 2020-01-01T06:49:00Z