This is how it works for me: @ralbertodacu wrote: I had a similar issue when I was testing the Identity Firewall on my home lab: - VM A, logged in with a User from my "Allowed Test Group"; - VM B, target VM that I was trying to connect via SSH; My firewall rules looked similar to yours (AD Group allowed to speak to VM Group where VM B was), however I could not establish a connection. The only way I could make it work at the time was by explicitly allowing the return traffic. In other words, I had to create another rule that would allow VM B to speak to VM A. You can test it with an "Allow Any Any" rule and, if it works, narrow it down just to the specific traffic you're looking for. Hope this helps.
I have a question about the NSX-T DFW Applied To rules. In case I have an IP address or IP subnet in Groups, the Applied To rule doesn't work. In case I create Groups with Membership Criteria or select a virtual machine from members, Applied To works as it should. Where is the problem, and why does it not work if I have an IP address in the group?
I am preparing a POC for a new client. Where could I get a 3-tier-App OVA file for demonstration of NSX-T security and AVI Load Balancing? I had this file some time ago, but I can't find it anymore.
I am having trouble implementing AVI Advanced Load Balancer with NSX-T Federation. The problem is that I cannot select the overlay segment for management and data networks: br, GG
The problem was that the certificate did not contain client authentication. I created a new certificate with server and client authentication, and then I was able to replace the certificate.
In my NSX-T environment, certificates will expire in 7 days. I did the CA certificate for Local Managers and Global Managers. But now I have a problem that it does not replace my certificate on all services. I changed the certificate according to the instructions below: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-50C36862-A29D-48FA-8CE7-697E64E10E37.html
Hi, I have 3 NSX-T Managers and I have a repo sync problem on two of them. How to resolve this problem? I tried to reboot all three appliances and this did not help. I also tried the Resolve button.
Hi Sreec, I have already successfully reset the root password. Now I want to change the password to a more complex password, because this is not possible via the console, and I may be wrong.
Hi, On the NSX-T Manager the root password has expired. I successfully reset the password via the VMware console. Now I have a problem that I can't change my root password. I used the procedure below.
- SSH to NSX-T Manager with admin user
- st e (login to root)
- passwd root
- password successfully changed
- sync
- reboot -f
Now when I want to log in with the new root password, my login does not work. Login with the reset password works normally. How can I change the root password?
Federation and IDM successfully connect, and we can also import IDM users to the Federation. We have a problem with the integration of NSX-T Federation and Identity Manager. The problem occurs when we log in to the Federation with a domain user, and it does not show us the correct UI. Debug mode in Google Chrome shows me the errors below:
{error_code: 401, error_message: "Not authorized.", module_name: "common-services"}
error_code: 401
error_message: "Not authorized."
module_name: "common-services"
We did the integration with the NSX-T Local Manager, and everything works fine. Everything works even if we connect to the Federation with an admin user.
Thank you for the reply. What about the EDGE node configuration? Does the EDGE node have to have 4 uplinks? Or do we create an EDGE node with 2 uplinks, where each uplink port group has 2 active uplinks? For example:
Uplink-1 -> Leaf-1
Uplink-2 -> Leaf-2
Uplink-3 -> Leaf-1
Uplink-4 -> Leaf-2
EDGE-Uplink01: EDGE-Uplink02:
Hi, In VMware Validated Design 6.2 I read that LACP is not recommended for ESXi host uplinks! In my case I have ESXi hosts with 6 uplink ports (2 are for the mgmt VDS and 4 are for the VTEP VDS) and each server is connected to two ToR switches (Leaf-Spine). What is your opinion regarding the LACP and NSX-T configuration?
Are you using that teaming-1 and teaming-2? Where should I set this up? It looks like something goes wrong there. Did you assign that teaming to the VLANs you use for the connection to the leafs? No