In this article
1. Feature Description
2. Setup
3. Checking Status
4. Manual Synchronization
Feature Description
Host and Cluster check is quick and easy method to determine if the clusters and hosts associated with active NSX Manager are synchronized. An unsynchronized host or cluster indicates that one or more hosts are not up to date with the latest dFW rules and/or objects. This occurs when there are communication issues between the NSX Manager and the hosts. The Host and Cluster check tool will display the current status with the option to manually force a re-synchronization.
Minimum Release: 2.5
Application: NSX-v
License: Enterprise
Privilege level: Audit or higher; Security Engineer or higher (re-synch)
Setup
No setup required. All clusters and hosts associated with the active NSX Manager will be displayed.
Checking Status To view the current host and cluster status navigate to Operations > Distributed Firewall and select either the host or cluster link at the top of the page.
ℹ️ The host and cluster status is displayed on the dFW main page. The links for both items navigate to the same window that displays both the host and cluster status.
A status of green indicates that the latest NSX dFW rules and objects reside in the host and/or cluster. A red status indicates the host and/or cluster has not received the latest updates.
Mis-matched Generation Numbers indicate clusters or hosts that have failed to receive/parse/update firewall configurations (rule sets) from NSX Manager and are therefore out-of-synch. Generation numbers are generated separately – one for the rule set and another for any associated objects.
Manual Synchronization
ℹ️ Host Objects are considered in-synch if the generation number is equal-to or greater than the dfw rule set generation number.
When a host or cluster become out-of-synch a visual indicator is provided on the dFW dashboard. In this example, the host is out of synch – note the mis-matched generation numbers.
For any entry detected as out-of-synch, a refresh button is provided to force an update. Depending upon the object and rule set size, this may take a few minutes to complete. Refresh the page to see the current status.
If this method does not resolve your issue, verify that the host preparation procedure was followed by logging in to the host and collect the /var/log/vsfwd.log file and contact VMware technical support.