NSX 6.2.4 containing DFW and VMSA-2016-0007.2 fixes released

VMware has released an update for its network virtualization platform NSX. The update fixes the Distributed Firewall issue that forced VMware to pull NSX 6.2.3 from distribution. This update also fixes the SSL-VPN issue announced in Security Advisory VMSA-2016-0007.2 (CVE-2016-2079).

Download and Information
Use my vTracker to be the first to know when new releases are available.

Fixed Issues
A full list of fixed issues is available in the Release Notes.

  • DFW Issue – Traffic disruption upon a vMotion operation on virtual machines with Distributed Firewall (DFW) and Security Groups (SG) configured.
  • Unmanageable NSX Edge – This issue occurs when serverSsl or clientSsl is configured in load balancer, but cipher’s value is set as NULL in the previous version.
  • NSX DLR HA split-brain state – When using dynamic routing with High Availability (HA) configured on a DLR Control VM, both the primary and secondary DLR HA nodes can enter and remain in Active state concurrently.
  • VM ARP DLR Issue – If a VM learns the pMac of the logical router as the MAC address for default gateway instead of the generic logical router MAC address, it loses connectivity north of the logical router.
  • VMSA-2016-0007.2 – VMware NSX and vCNS with SSL-VPN enabled contain a critical input validation vulnerability. This issue may allow a remote attacker to gain access to sensitive information.

NSX 6.2.4 is supported with:

  • VMware vCenter Server 6.0 U2
  • VMware vCenter Server 6.0 U1
  • VMware vCenter Server 6.0
  • VMware vCenter Server 5.5 U3
  • VMware vCenter Server 5.5 U2
  • VMware vCenter Server 5.5 U1
  • VMware vCenter Server 5.5
  • VMware ESXi 6.0 U2
  • VMware ESXi 6.0 U1
  • VMware ESXi 6.0
  • VMware ESXi 5.5 U3
  • VMware ESXi 5.5 U2
  • VMware ESXi 5.5 U1
  • VMware ESXi 5.5
  • VMware vCloud Director For Service Providers 8.0.1

NSX 6.2.4 is not supported with:

  • VMware vCloud Director For Service Providers 8.10
  • VMware vCloud Director For Service Providers 8.0

Update Procedure
If you are not familiar with the NSX upgrade process, the documentation is located here. Here is a short recap of the process, which is pretty straightforward:

  1. Check Prerequisites / Backup / Understand the operational impact!
  2. Upgrade NSX Manager from its Web Interface
  3. Restart vCenter Server Web Client service
  4. Upgrade NSX Controller Cluster
  5. Upgrade ESXi Host VIB packages
  6. Change VXLAN Port from 8472/UDP to 4789/UDP to align with IANA port assignment (Not required when this has been done during the 6.2.3 upgrade)
  7. Upgrade NSX Edges
  8. Upgrade Guest Introspection

I’ve upgraded my Lab hardware without any issues.

  1. Is there any indication when vCD 8.1 for SP’s will be supported?
