VMware Cloud Community
linuxcrash
Contributor

vApp Template loses vShield FW rules when deployed...

Hi All,

Has anyone encountered the following behavior:

I create a vApp Template with 3 VMs and a vShield router configured with FW rules and NAT port forwarding with "Make identical copy". When I deployed the vApp Template into another Org from the Global Catalog, the newly created vApp has no vShield anymore until I go into the Networking tab of the new vApp and select the connection to the outside world. The FW and NAT rules are gone as well.

I'm pretty sure this was working before without issues, but suddenly it doesn't anymore. Does anyone have some hints on where I should look to get this functionality working again?

Regards

Albin

4 Replies
cfor
Expert

Yes. Please contact VMware on this - this is a known issue with v5.1 (still broken in vCD 5.1.2).

Anytime the uplink gets changed to "None" - by setting it, or cross VDCs (or orgs) that do not have the same network - firewall rules are all deleted (data loss). The reason for this is security (but I would argue the current deletion of data makes the system less secure).

ChrisF (VCP4, VCP5, VCP-Cloud) - If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
linuxcrash
Contributor

Hi,

Thanks for confirming this. I actually found that as long as the vApp template from the global catalog was created within the same Org and deployed into the originating Org it keeps all the network settings.

As soon as you try to deploy the vApp template from the global catalog into a different Org it removes the uplink and the vShield Edge is gone because the linked Org network had a different Org VDC Network identifier.

This is very unfortunate as we use the same Provider DC Network (VXLAN IP Pool) in all Orgs, linked in direct mode, although they all have a different name within the Orgs. I also tried to name the linked OVDC Networks within all the Orgs using the same name, but still it does not work because of the previously mentioned internal Org VDC Network identifier vCD is using internally. 😞

I will report this to VMware and hope they are going to implement this as an additional functionality where the user can decide upon the vApp template deployment if he wants to link it automatically to the new Org's VDC Network including all the Edge configs or not.

Thanks

Albin

cfor
Expert

Yes. We have the same issue.

We have spoken at length to VMware on this, and to be honest I would suggest you call and complain if you want to see it changed. (It seems like VMware likes this new "feature")

linuxcrash
Contributor

I have created a support request at VMware with "high" importance. Will see what happens in the next hours, otherwise will probably try to increase the importance further.

Regards
