VMware Cloud Community
ZGerman
Contributor
Contributor
‎05-12-2016 11:48 AM

Log Insight with NSX Proto 1

Hello,

We are using Log Insight to view NSX information, we have a Tag setup that sends us blocks, for the most port we se source/destionation, protocol and port, however we are seeing some data where we get the Source and Destination however the Ports are empty and the firewall_protocol is coming over as "PROTO 1".  It's really hard to make rules from that since we don't know Ports, we do know the Traffic is coming from a F5 load balancer to a VM.

Any idea  how we can add a rule to allow this traffic without opening it up all the way?

-Daniel

0 Kudos
2 Replies
sflanders
Commander
Commander
‎05-12-2016 03:15 PM

Hey Daniel -- Sounds like the issue on the NSX side. LI cannot change the log message. I would advise reporting this in the NSX group.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
0 Kudos
MichaelRyom
Hot Shot
Hot Shot
‎05-13-2016 01:24 AM

Its NOT a bug. Proto 1 means its icmp. icmp is a protocol and as such doesnt use ports like application, but have a protocol number assigned by iana.

Have a look here https://www.google.dk/url?sa=t&source=web&rct=j&url=http://www.iana.org/assignments/protocol-numbers...

This is logged corretly.

Blogging at https://MichaelRyom.dk
0 Kudos