Traffic from VMs to certain destinations is not working
Quick post about an issue I had yesterday with random traffic being blocked when a VM was being migrated over to VCF and, critically, to NSX.
At first it was just a random URL that wouldn’t work in NSX, so I moved the VM back and it worked straight away. I then tested the same URL in other test VMs I had in VCF 9 and NSX, and they also had the same problem: the URL wasn’t working, i.e. it was being blocked.
We’d had a previous problem with DHCP and already knew what the fix was for that:
https://knowledge.broadcom.com/external/article/371005/virtual-machine-does-not-receive-a-dhcp.html
Started looking in the same place, thinking another policy was blocking this random web traffic. However, it wasn’t. I then discovered the following, despite me saying the firewall was switched off. By default this is switched on:

Changed that to allow and everything worked.
Eventually found this article that gave the full root cause:
https://knowledge.broadcom.com/external/article/345417/malicious-ips-group-feature-in-distribut.html
Plus I could see the IPs being dropped in the IP Monitoring dashboard:

Here I could have added exceptions; however, we decided to disable the firewall rule for now.