Hi team,
We are using NSX version 6.3.2. Some of the security policies, when published, are in "In Progress" status, but what I can see is that the rules are there when I navigate to DFW.
Rule there on DFW.
NSX API (using Postman)
Here are my questions:
1. How to make sure rules are rightly published even though the Service Composer state is "In Progress"?
2. How to check DFW rules on ESXi hosts? Any specific commands?
Tarun Gupta
TarunGuptaAccenture,
1) This is a known cosmetic issue, noted in the VMware NSX for vSphere 6.3.2 Release Notes:
Issue 1660718: Service Composer policy status is shown as "In Progress" at the UI and "Pending" in the API output
2) To verify via the ESXi CLI what's been pushed down to the vNIC of the VM in question:
Retrieves the filter name of the VM:
# summarize-dvfilter | grep -A 10 -i <vm-name>
Checks the policy rules applied at the VM’s vNIC:
# vsipioctl getfwrules -f <filter_name>
Shows the mapping between internal objects and associated IP or MAC addresses:
# vsipioctl getaddrsets -f <filter_name>
*The recommendation from VMware is to move to the latest release on the 6.3 train, which is NSX 6.3.7, and that issue looks to be resolved by that version.
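
The three checks above can be chained for one VM. The following is an added example, not part of the original answer: it assumes the `summarize-dvfilter` layout of world / port / vNic slot / name / agentName lines, the sample output is constructed, and the function names `dfw_filters` and `dfw_dump` are hypothetical. Unlike a substring `grep`, it matches the VM name exactly and selects only the DFW (`vmware-sfw`) filter.

```shell
#!/bin/sh
# Constructed sample of `summarize-dvfilter` output (made-up world IDs and VM names).
sample_dvfilter() {
cat <<'EOF'
world 264316 vmm0:web-01 vcUuid:'constructed'
 port 50331662 web-01.eth0
  vNic slot 2
   name: nic-264316-eth0-vmware-sfw.2
   agentName: vmware-sfw
   state: IOChain Attached
  vNic slot 1
   name: nic-264316-eth0-dvfilter-generic-vmware-swsec.1
   agentName: dvfilter-generic-vmware-swsec
world 264990 vmm0:web-010 vcUuid:'constructed'
 port 50331670 web-010.eth0
  vNic slot 2
   name: nic-264990-eth0-vmware-sfw.2
   agentName: vmware-sfw
EOF
}

# dfw_filters <vm-name>: read summarize-dvfilter output on stdin and print only
# the DFW (agentName vmware-sfw) filter names of the VM whose name matches
# exactly (case-insensitive), so "web-01" does not also select "web-010".
dfw_filters() {
    awk -v vm="$1" '
        /^world / {
            n = $0
            sub(/^world [0-9]+ vmm[0-9]+:/, "", n)   # drop the world prefix
            sub(/ vcUuid:.*/, "", n)                 # drop the trailing UUID
            in_vm = (tolower(n) == tolower(vm))
            next
        }
        in_vm && $1 == "name:" { name = $2; next }
        in_vm && $1 == "agentName:" && $2 == "vmware-sfw" { print name }
    '
}

# dfw_dump <vm-name>: run on the ESXi host; dumps rules and address sets
# for every DFW filter (one per vNIC) attached to the VM.
dfw_dump() {
    summarize-dvfilter | dfw_filters "$1" | while read -r f; do
        echo "== $f"
        vsipioctl getfwrules -f "$f"
        vsipioctl getaddrsets -f "$f"
    done
}

# Offline demonstration against the constructed sample.
sample_dvfilter | dfw_filters web-01
```

On a host, `dfw_dump <vm-name>` prints the rule set and address sets per vNIC, which can be compared against the policy defined in Service Composer.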