5 Replies Latest reply: Oct 20, 2016 7:59 AM by hparrott

    NSX firewall block http traffic through TCP port 69

    lerf2 Novice

      Hi,

      I have encountered a weird issue with the NSX Firewall (filter).

      Once you enable the NSX Firewall, even with the "allow all traffic" default rule, HTTP packets through TCP port 69 will be dropped.

      The 3-way handshake can complete, but the following ACK packet for the data transmission will be dropped.

      There is no block event in NSX. But if you turn on Live Flow, you will see the Flow State is "Blocked".

      This case can easily be reproduced by:

      1. Enable NSX firewall services.

      2. With the default FW rules, the last rule is allow all traffic.

      3. Place a web server listening on port 69 not protected by NSX.

      4. Start a VM with NSX network protection, open IE browser, connect to http://{web_server}:69/

      If you capture with Wireshark in the VM, you will see that after the 3-way handshake has completed, the following ACK for the server response will be missing.

      If you turn on Live Flow on the VM NIC, you will see Flow State "Blocked".

      Does anyone know what happened?

      Environment:

      NSX 6.24

      ESXi 5.5

      Client VM Windows 2008 R2

      HTTP Server VM (not in NSX cluster): Ubuntu 14.04 x64
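The reproduction steps above boil down to one observable: the TCP handshake completes, but the HTTP response never reaches the client. The following Python probe, added here as an illustration and not part of the original post or of any VMware tooling, automates that check from the client VM so the symptom can be captured without a browser and a packet trace. It classifies a connection attempt as "connect_failed" (no handshake), "blocked" (handshake done, then silence until the timeout, which is the behaviour reported above), "reset", "closed", or "ok". For an offline run it also starts two loopback stand-ins: a small responding HTTP server and a "silent" listener that accepts connections but never answers, which only mimics what the client sees and is not a model of the firewall itself. The host and port arguments are assumptions to be replaced with the real test web server; 69/tcp is the IANA-registered TFTP port, so a firewall with protocol-aware inspection may not treat a flow on it as plain HTTP, but the probe only confirms where the flow fails, not why.

```python
import socket
import sys
import threading
import http.server
import socketserver


def probe_http(host, port, timeout=3.0):
    """Connect over TCP, send a minimal HTTP GET and classify the outcome.

    "connect_failed" - the TCP handshake never completed
    "blocked"        - handshake completed, nothing came back before timeout
    "reset"          - the peer (or something in the path) sent RST
    "closed"         - the connection was closed cleanly with no response
    "ok"             - an HTTP status line arrived
    "unexpected"     - bytes arrived that are not an HTTP response
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "connect_failed"
    with sock:
        sock.settimeout(timeout)
        request = ("GET / HTTP/1.1\r\n"
                   f"Host: {host}:{port}\r\n"
                   "Connection: close\r\n\r\n").encode("ascii")
        try:
            sock.sendall(request)
            data = sock.recv(4096)
        except ConnectionResetError:
            return "reset"
        except OSError:           # socket.timeout is an OSError subclass
            return "blocked"
    if not data:
        return "closed"
    return "ok" if data.startswith(b"HTTP/") else "unexpected"


class _Handler(http.server.BaseHTTPRequestHandler):
    """Minimal stand-in (constructed) for the web server in the report."""

    def do_GET(self):
        body = b"served\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


class _Server(socketserver.TCPServer):
    allow_reuse_address = True


def start_http_server():
    """Start a responding HTTP server on an ephemeral loopback port."""
    srv = _Server(("127.0.0.1", 0), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


class SilentServer:
    """Accepts TCP connections but never answers: a loopback stand-in for a
    flow whose handshake completes while the data packets are dropped."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self._conns = []
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:
                return
            self._conns.append(conn)  # hold it open, never read or write

    def close(self):
        self.sock.close()
        for c in self._conns:
            c.close()


def run_demo():
    """Probe both loopback stand-ins; expected result ("ok", "blocked")."""
    srv, port = start_http_server()
    good = probe_http("127.0.0.1", port, timeout=2.0)
    srv.shutdown()
    srv.server_close()
    silent = SilentServer()
    bad = probe_http("127.0.0.1", silent.port, timeout=1.0)
    silent.close()
    return good, bad


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # e.g. python probe.py 192.0.2.10 69  (placeholder address)
        print(probe_http(sys.argv[1], int(sys.argv[2])))
    else:
        print(run_demo())
```

Run it from the NSX-protected client VM against the unprotected web server; a "blocked" result alongside a Live Flow state of "Blocked" confirms the drop happens after the handshake, which is the detail worth including in a support case. Running the probe from a second host that is not behind the NSX filter gives the control result.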