VMware Cloud Community
RodvdW
Contributor

vShield - randomly blocks entire VMs

Hi Everyone,

A strange problem which we're experiencing at present. VCNS 5.5.2, vSphere 5.1.0.

In the last days we've had almost 10 VMs that, for no reason, are being blocked by VCNS. These are VMs that are working as normal, and then suddenly all traffic is blocked.

There are 2 ways to get the VM working again (neither of which is preferred):

1) Exclude the VM from vShield (bad as the VM is essentially unprotected - adding it back into vShield and the VM is once again blocked)

2) Power off the VM, remove it from inventory, add it back to inventory and power on (bad as we have vShield rules that rely on the VM ID, which gets replaced when adding/removing from inventory)

We've restarted the vShield Manager, resynced vApps, re-added vNICs - nothing is helping, and the list of excluded VMs is growing larger by the day and has already affected production customers.

Logs are as usual unhelpful.

Has anyone seen such a problem or have any ideas?

I have a case open with VMware; however, there are still no suggestions/answers from their side.

Thanks

Rod

Texiwill
Leadership

Hello,

I have seen this when a node of a cluster does not have the proper VCNS components installed or has an incorrect networking setup. I would check these first. You can check VCNS components by using vShield Manager and networking using host profiles.

Are you using VCNS Edge or VCNS App or both?

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013, 2014

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

Message was edited by: Edward Haletky

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill