Virtual service domain and vShield zones

nvermande · ‎12-14-2009

Hi there,

i've successully implemented vShield zones and NX1000V by using the VSD, the new feature.

I can block and log ftp connections for example, i've also tested the default service-port behaviour when you disconnect the SVM, everything work well, when i disconnect the vShield interfaces, i loose communication with the VM and that's what i want to keep security on the members.

However, when il log to the vShield admin plug-in, my protected test virtual machine does't appear to be protected. I mean that the icon display next to the name does't represent the "protected" icon but the non protected one and the system says that it's not going through th vShield agent.

But my tests have demonstrated that the traffic is going through the vShield, and i'm sure of that point:)

So am i missing something or should i open a ticket at Cisco or Vmware?? it's weird, can somebody help me please?

Thank you!!

srsardar · ‎12-16-2009

It is a known display issue, Vshield on its GUI correctly does not display any of the hosts protected by N1K VSD + Vshield, even though hosts are functionally protected.For AV release, you must look at the N1K VSD commands to know which interfaces are protected by N1K VSD+Vshield.

nvermande · ‎12-16-2009

Thank you,

do you know if a future release will correct this bug, i must explain that to my customer ?

srsardar · ‎12-16-2009

Both Cisco and VMware teams are actively looking into it and planning to fix this issue in next few releases.