vDefend Distributed Firewall (DFW) drops a TCP flow when its SEQ/ACK number wraps around the 32-bit maximum (about 4.29 billion)

VMware NSX


35991

30 July 2025


Dear Broadcom Customer:

The purpose of this Product Advisory is to inform you of a potential problem that has been identified with VMware NSX 3.2.3.1 | NSX 4.1.1 | NSX 4.1.2 | NSX 4.1.2.1. If you are using any of the impacted releases or planning to upgrade to any of the impacted releases, please read this product advisory and the KB Article for more details. Alternatively, you can contact Broadcom Support by opening a Service Request, or contact your Broadcom Sales Representative / Technical Adoption Manager / Professional Services representative for more details.

Please read the information provided below and follow the instructions in order to avoid being impacted by this problem.   

Products Impacted: NSX 3.2.3.1 | NSX 4.1.1 | NSX 4.1.2 | NSX 4.1.2.1  

Problem Description:

  • VMware vDefend Distributed Firewall (DFW) starts dropping a TCP flow shortly after receiving a segment on that flow whose sequence number has wrapped around to 0.
  • TCP sequence numbers are 32-bit values that advance by the number of bytes sent and wrap modulo 2^32 (about 4.29 billion). The dropped flow is therefore usually a long-lived connection with a high byte count, or a connection whose initial sequence number is already close to 2^32, so that the counter passes through 0 during the life of the connection.
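The failure mode above, as an added illustration that is not NSX code: a small Python model of a connection tracker that validates the sequence number of each incoming segment. Because TCP sequence numbers are 32-bit and wrap modulo 2^32, a tracker that compares them as ordinary integers rejects the first segment after the counter passes through 0 and every segment after it, which is the symptom this advisory describes; the corrected tracker uses modular (RFC 793 serial) comparison and accepts the whole stream. The tracker classes, the constructed initial sequence number and segment sizes, and the throughput used in the wrap-time estimate are all assumptions made for the demonstration.

```python
"""Model of the TCP sequence-number wrap failure (added example, not NSX code)."""

SEQ_MOD = 1 << 32          # sequence numbers are 32-bit, so they wrap at 2**32
SEQ_MASK = SEQ_MOD - 1
HALF_SPACE = 1 << 31


def seq_lt(a: int, b: int) -> bool:
    """True if a is 'before' b in 32-bit modular sequence space (RFC 793 comparison)."""
    return ((a - b) & SEQ_MASK) >= HALF_SPACE


def seq_in_window(seq: int, expected: int, window: int) -> bool:
    """Modular check: is seq within [expected, expected + window) even across a wrap?"""
    return ((seq - expected) & SEQ_MASK) < window


class NaiveFlowTracker:
    """Buggy model: treats sequence numbers as monotonically increasing integers.

    Works until the peer's sequence number wraps from 2**32 - 1 to 0; from then on
    every in-order segment looks 'too old' and is dropped.
    """

    def __init__(self, isn: int, window: int = 65535):
        self.expected = isn + 1     # first data byte follows the SYN's ISN
        self.window = window
        self.dropped = 0

    def accept(self, seq: int, payload_len: int) -> bool:
        if self.expected <= seq < self.expected + self.window:   # plain integer compare
            self.expected = seq + payload_len                    # no modulo, so it grows past 2**32
            return True
        self.dropped += 1
        return False


class ModularFlowTracker:
    """Corrected model: every comparison and update is done modulo 2**32."""

    def __init__(self, isn: int, window: int = 65535):
        self.expected = (isn + 1) % SEQ_MOD
        self.window = window
        self.dropped = 0

    def accept(self, seq: int, payload_len: int) -> bool:
        if seq_in_window(seq, self.expected, self.window):
            self.expected = (seq + payload_len) % SEQ_MOD
            return True
        self.dropped += 1
        return False


def simulate(tracker, isn: int, segment_size: int = 1460, segments: int = 100):
    """Feed `segments` back-to-back in-order segments (constructed input) starting at isn + 1.

    Returns (accepted, dropped). The sender always emits true 32-bit sequence numbers.
    """
    seq = (isn + 1) % SEQ_MOD
    accepted = 0
    for _ in range(segments):
        if tracker.accept(seq, segment_size):
            accepted += 1
        seq = (seq + segment_size) % SEQ_MOD
    return accepted, tracker.dropped


def bytes_until_wrap(isn: int) -> int:
    """Bytes a flow can carry from its ISN before the sequence number passes through 0."""
    return SEQ_MOD - ((isn + 1) % SEQ_MOD)


def seconds_until_wrap(isn: int, bytes_per_second: float) -> float:
    """Rough time-to-wrap for a flow sending continuously at the given rate (assumed rate)."""
    return bytes_until_wrap(isn) / bytes_per_second


if __name__ == "__main__":
    # Constructed ISN 20,000 bytes below the wrap: 100 x 1460-byte segments cross it.
    isn = SEQ_MOD - 20_000
    print("naive tracker   (accepted, dropped):", simulate(NaiveFlowTracker(isn), isn))
    print("modular tracker (accepted, dropped):", simulate(ModularFlowTracker(isn), isn))
    # A flow starting at ISN 0 wraps after ~4.29 GB; at an assumed 1 Gbit/s that is ~34 s.
    print("seconds to wrap at 1 Gbit/s from ISN 0:", round(seconds_until_wrap(0, 125_000_000), 1))
```

Running the block shows the naive tracker accepting the 14 segments before the wrap and dropping the remaining 86, while the modular tracker accepts all 100; `bytes_until_wrap` and `seconds_until_wrap` give a quick estimate of how soon a given flow will hit the condition, which is why high-throughput long-lived connections and connections with an ISN near 2^32 are the ones affected.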

Symptoms:

  • Applications whose traffic is protected by DFW start to fail once the affected flow is dropped (long-lived connections stall and must be re-established)

Impact:

  • Application traffic drops

Workaround: Refer to KB Article for more details

Problem Resolution:

  • If you are in the process of upgrading to an impacted version or planning to upgrade, DO NOT USE the impacted versions (VMware NSX 3.2.3.1 | NSX 4.1.1 | NSX 4.1.2 | NSX 4.1.2.1). Consider upgrading to NSX 4.2.1.4 or later.

If you have any questions about this Advisory, please contact Broadcom Support.
 
Thank you,

Broadcom Support Team