
Distributed firewall rules fail to apply on VMs without VMware Tools (2149040)



When VM names are used as security tags in the NSX distributed firewall:

  • Firewall rules using IP addresses do not apply on virtual machines.
  • VMware Tools is not installed in the affected virtual machines.


To resolve this issue, use one of these options:

  • Install VMware Tools on the virtual machine.
  • Change the IP Detection Type at the cluster level to DHCP snooping, ARP snooping, or both.
  • Use IP addresses instead of VM names.

For more information, see IP Discovery for Virtual Machines and Change IP Detection Type.

Note: If you enable ARP snooping and some VMs have two IP addresses on the same NIC, SpoofGuard should be enabled.
