NSX: Unable to populate the registered-ip under DAG

Created On 03/12/20 04:35 AM - Last Modified 11/22/22 05:07 AM


Symptom


  • The Service Manager is in the “Registered” state, and Security Groups are created in NSX for the corresponding DAGs created on Panorama. Service Profiles from NSX are populated under the DAG. However, no registered IP addresses are populated under the DAG for the existing service profiles.
  • Verify that Service Profiles from NSX are populated on Address Groups > Add Match Criteria. In this case, the service profiles are populated, but no IP addresses are present when clicking the “More” option on the Address Group.
  • Enable PHP debug and click “More” from Panorama > Device Group > Objects > Address Group to verify the IP addresses being received on Panorama from NSX. Ideally, the IP addresses should be listed, but in this case the list was empty.
  • Verify that NSX > Security > Service Composer > Security Groups has Objects included and that IP addresses are populated. In this case, it is empty as well.
  • Since the Security Group has objects included but the IPs are missing, investigate the specific VM to check whether VMware Tools is installed to populate the IP.


Environment


  • Platform: Panorama  
  • Deployment: Security Centric
  • NSX
  • Dynamic Address Groups (DAG)


Cause


IP information was not present on the Guest VM in question because VMware Tools was missing. As a result, the Security Group was not populated with an IP address, and NSX could not push any IP to Panorama.

Resolution


Install VMware Tools on the Guest VM to populate IP information on Security Groups in NSX.
