NSX-V Redirect issue
Hi mates,
I'm working on a small NSX environment, previous to a POC on the production environment. The thing is that I have some issues putting the partner services redirection rules to work. I have some servers in 2 security groups, connected via two logical switches and an NSX edge gw, but the traffic is only reaching the VMware distributed firewalls, not the redirect ones.
I guess I'm missing some basic config, but the SK is confusing or not complete, at least for my understanding, and mixing that with the NSX complexity is making me hit my head against the wall more than I would like. Any config pieces to check? Has anyone faced any similar issues?
Filters on the NSX Manager:
NSX-Manager> show dfw host host-506 filter nic-77726-eth0-vmware-sfw.2 rules
ruleset domain-c481 {
# generation number: 1576544216814
# realization time : 2019-12-17T00:43:09
rule 1003 at 1 inout protocol ipv6-icmp icmptype 136 from any to any accept;
rule 1003 at 2 inout protocol ipv6-icmp icmptype 135 from any to any accept;
rule 1002 at 3 inout protocol udp from any to any port 67 accept;
rule 1002 at 4 inout protocol udp from any to any port 68 accept;
rule 1001 at 5 inout protocol any from any to any drop;
}
ruleset domain-c481_L2 {
# generation number: 1576544216814
# realization time : 2019-12-17T00:43:09
rule 1004 at 1 inout ethertype any stateless from any to any accept;
}
Filters specific to partner services, punt action as all the VMs are under the same ESX:
NSX-Manager> show dfw host host-506 filter nic-77726-eth0-serviceinstance-5.4 rules
ruleset 1745 {
# generation number: 0
# realization time : 2019-12-17T00:43:10
rule 1777 at 1 inout protocol any from addrset ip-securitygroup-19 to any punt with log;
rule 1775 at 2 inout protocol any from any to addrset ip-securitygroup-19 punt with log;
}
ruleset 1745_L2 {
# generation number: 0
# realization time : 2019-12-17T00:43:10
}
Regards
Can you please run summarize_dvfilter on the ESXi server and share the output?
Thanks