VMware Networking Community
TarunGuptaAccen
Enthusiast

Service Composer policy always in "Progress" and can see rule in DFW and NSX API

Hi team,

We are using NSX version 6.3.2. Some of the security policies, when published, are in Progress status, but what I can see is that the rules are there when I navigate to DFW.

pastedImage_0.png

Rule there on DFW.

pastedImage_1.png

NSX API (using Postman)

pastedImage_2.png

Here are my questions:

1. How to make sure rules are rightly published even though Service Composer state is in Progress?

2. How to check DFW rules on ESXi hosts? Any specific commands?

Tarun Gupta


Accepted Solutions
vLingle
VMware Employee

TarunGuptaAccenture,

1) This is a known cosmetic issue, noted in the VMware NSX for vSphere 6.3.2 Release Notes

     Issue 1660718: Service Composer policy status is shown as "In Progress" at the UI and "Pending" in the API output

2) To verify via ESXi CLI what’s been pushed down to the vNIC of the VM in question…

Retrieves the filter name of the VM:

# summarize-dvfilter | grep -A 10 -i <vm-name>

Checks the policy rules applied at the VM’s vNIC:

# vsipioctl getfwrules -f <filter_name>

Shows the mapping between internal objects and associated IP or MAC addresses:

# vsipioctl getaddrsets -f <filter_name>

*The recommendation from VMware is to move to the latest release on the 6.3 train, which is NSX 6.3.7, and that issue looks to be resolved by that version.

Please KUDO helpful posts and mark the thread as solved if answered.

Regards,
Jeffrey Lingle
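
The three commands in the answer above, chained for a VM with more than one vNIC. This is an added example, not part of the original reply: the sample text is constructed, the `world` / `name:` / `agentName:` layout of `summarize-dvfilter` output is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample shaped like `summarize-dvfilter` output (not from the thread).
SAMPLE_DVFILTER="world 1000001 vmm0:web-01 vcUuid:'00 00 00 01'
 port 50331650 web-01.eth0
  vNic slot 2
   name: nic-1000001-eth0-vmware-sfw.2
   agentName: vmware-sfw
   state: IOChain Attached
  vNic slot 4
   name: nic-1000001-eth0-serviceinstance-1.4
   agentName: serviceinstance-1
 port 50331651 web-01.eth1
  vNic slot 2
   name: nic-1000001-eth1-vmware-sfw.2
   agentName: vmware-sfw
world 1000002 vmm0:db-01 vcUuid:'00 00 00 02'
 port 50331652 db-01.eth0
  vNic slot 2
   name: nic-1000002-eth0-vmware-sfw.2
   agentName: vmware-sfw"

# Read summarize-dvfilter output on stdin and print the DFW (vmware-sfw)
# filter name of every vNIC belonging to the VM named in $1.
# The VM name is matched exactly, so "web-0" does not select "web-01".
# Assumption: the VM name contains no spaces.
sfw_filters_for_vm() {
    awk -v vm="$1" '
        $1 == "world"      { in_vm = ($3 == ("vmm0:" vm)) }
        $1 == "name:"      { candidate = $2 }
        $1 == "agentName:" && $2 == "vmware-sfw" && in_vm { print candidate }
    '
}

# On an ESXi host: dump the rules and address sets of each DFW filter
# attached to the VM, one section per vNIC.
dump_vm_dfw() {
    summarize-dvfilter | sfw_filters_for_vm "$1" | while read -r filter; do
        echo "== $filter"
        vsipioctl getfwrules -f "$filter"
        vsipioctl getaddrsets -f "$filter"
    done
}
```

On the host, `dump_vm_dfw <vm-name>` prints one section per vNIC, which can be compared with the rules shown in the DFW view.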
