VMware Networking Community
vmedzeusky
Contributor

VRLI is showing traffic hitting NSX Firewall at a second, lower rule rather than the first

Let's say we have two rules, 3001 and 3002.

3001  permit any to Cardinal01 (10.1.1.50) TCP 135

3002 permit any to Cardinal01 (10.1.1.50) ANY TCP

What I'm seeing in VRLI is that traffic destined for Cardinal01 is triggering rule 3002
(a test rule before implementing a deny, actually) when it should be hitting 3001.
Looking at the UI, 3001 is visibly above 3002. How would I go about troubleshooting
what appears to be a problem with the order of processing?

Thanks!

3 Replies
ShahabKhan
VMware Employee

Hi,

You will only see a hit for the first rule when the destination port is TCP 135. For all the other ports, the traffic will hit the second rule.

Regards,

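To make the first-match behaviour described in the reply checkable against what VRLI reports, here is an added example (not from the thread or from VMware): it models the two rules from the post in UI order, evaluates flows top to bottom, and flags any log line whose rule id disagrees with that evaluation. The log line shape is constructed for the example and is not the real NSX/VRLI format; the field names `rule`, `dst`, `proto` and `dport` are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    rule_id: int
    dst: str              # destination IP, or "any"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port
# The two rules from the thread, in the order the NSX UI shows them (3001 above 3002).
RULES = [
    Rule(3001, "10.1.1.50", "tcp", 135),
    Rule(3002, "10.1.1.50", "tcp", None),
]

def first_match(rules, dst, proto, dport):
    """Id of the first rule, top to bottom, that matches the flow; None if nothing matches."""
    for r in rules:
        if r.dst != "any" and r.dst != dst:
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.rule_id
    return None

# Constructed, simplified log line shape (not the real NSX/VRLI format); it is assumed to
# carry the id of the rule that fired plus the destination IP, protocol and port.
LOG_RE = re.compile(r"rule=(?P<rule>\d+).*?dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)")

def check_log(rules, lines):
    """Return (line, logged_rule, expected_rule) for every line that disagrees with first-match."""
    mismatches = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a firewall hit line
        logged = int(m["rule"])
        expected = first_match(rules, m["dst"], m["proto"].lower(), int(m["dport"]))
        if logged != expected:
            mismatches.append((line, logged, expected))
    return mismatches

# Constructed sample: the third line reproduces the symptom from the post (port 135 logged under 3002).
SAMPLE_LOG = [
    "2024-01-01T10:00:00 dfw PASS rule=3001 src=10.1.2.7 dst=10.1.1.50 proto=TCP dport=135",
    "2024-01-01T10:00:01 dfw PASS rule=3002 src=10.1.2.7 dst=10.1.1.50 proto=TCP dport=445",
    "2024-01-01T10:00:02 dfw PASS rule=3002 src=10.1.2.9 dst=10.1.1.50 proto=TCP dport=135",
]
```

Running `check_log(RULES, SAMPLE_LOG)` returns only the third line, which is exactly the kind of hit worth comparing against the published rule set on the host before concluding that ordering is broken.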
vmedzeusky
Contributor

Right. That's how it *should* work. But what I'm saying is that VRLI is showing rule 3002, the second rule, triggering for traffic to that destination and port. Seeking advice on how to troubleshoot why the order of processing appears broken.

ShahabKhan
VMware Employee

Can you please share the screenshots from VRLI and also from the dFW?
