VMware NSX Intelligence 4.1.1 | 15 AUG 2023 | Build 22213770

Check for additions and updates to these release notes.

What's New

VMware NSX® IntelligenceTM 4.1.1 is the first release that interoperates with VMware NSX® 4.1.x releases. New known issues identified since the NSX Intelligence 4.0.1 release have been added to the Known Issues section.

This release provides the following new enhancements in the visualization and firewall rule recommendation functionalities.

  • New functionalities are introduced in the NSX Intelligence visualization feature.

    • The ability to filter for certain workloads, groups, and traffic flows and exclude them from the visualization graph is now available in both the Groups view and Computes view. After applying filters in either visualization view, you can choose to exclude the items that matched the selected filters from getting displayed in the visualization canvas. For more information, see Use Filters on the NSX Intelligence Visualization UI.

    • The new Flow > Traffic Exclusion filter is now available. You can choose Multicast, Unicast, or Broadcast flow types from the list of additional filters to specify that the selected types of traffic flows are to be excluded from getting displayed in the NSX Intelligence visualization canvas. A flow type is listed in the Available section of the Flow > Traffic Exclusion filter drop-down panel only if that type of traffic flow occurred during the selected time period. See Use Filters on the NSX Intelligence Visualization UI for more details.

    • You can assign an NSX tag to one or more compute workloads using the visualization canvas. You can leverage this capability to quickly add appropriate tags to your workloads and therefore correct your security posture using Tag-based NSX policies. For more information, see Managing VM Tags in NSX Intelligence.

    • You can now view related firewall rules for a given workload or traffic flow. NSX Intelligence correlates and shows the exact set of firewall rules that were applied to a given workload or traffic flow for the selected time period. This capability helps you with discovering the rules that impact a particular workload or traffic flow more quickly, thereby saving security administrators with the process of security implementation and investigation. For more details, see Viewing Related Firewall Rules in NSX Intelligence.

  • New NSX Intelligence Recommendation feature enhancements are introduced.

    • The CSV exported file content for a DFW recommendation has been enhanced to include additional information, such as reused services and groups. See Export an NSX Intelligence Recommendation as a CSV File for more information.

    • NSX Intelligence recommendation now offers the option for reusing existing sections for L7 recommended rules. See Recommendation for existing DFW sections for details.

    • The Start New Recommendation dialog has been updated with the following sections. See Generate a New NSX Intelligence Recommendation for more details.

      • The Additional Rules to Consider section has been added where you can specify rules that should also be used to determine which traffic flows are considered unsegmented. By default, the Recommendation engine uses the rules where Source and Destination have the Any value.

      • You can deactivate the new Partial IP Set Group Reuse toggle if, during the recommendation analysis, you want the Recommendation engine to only reuse existing IP groups whose IP set is the same as the IP set of the leaked IPs. By default, this toggle is activated.

      • The new Protocol and Ports Criteria section gives you the option to specify whether you want to exclude or match any of the ports, ranges of ports, or protocols that you enter. By default, traffic flows that occurred from all known ports and protocols in your environment during the specified time range are used during the recommendation analysis.

System Requirements

For system requirements information, see Activating and Upgrading VMware NSX Intelligence. For information about ports and protocols required for NSX Intelligence, see the VMware Ports and Protocols information for VMware NSX Application Platform, which hosts the NSX Intelligence application.

Compatibility Notes

  • For NSX Intelligence and NSX interoperability information, see VMware Product Interoperability Matrices.

  • NSX Intelligence is interoperable with NSX Federation deployments but does not directly support NSX Global Managers. To use the NSX Intelligence user interface, you must access the Local Manager instead of the Global Manager. For deployments with NSX Federation, if an NSX Intelligence instance is deployed with the Local Manager on a specific site, you will see groups from the Global Manager and traffic flows from workloads that are connected to the global objects. However, the visualization will not reflect specifics from other sites. NSX Intelligence recommendations will also not function across various sites because NSX Intelligence does not integrate with the Global Manager of NSX Data Center.

API and CLI Resources

See the NSX Intelligence and NSX Application Platform API Reference page for the available NSX Intelligence REST API and CLI resources.

Available Languages

NSX Intelligence has been localized into multiple languages: English, German, French, Italian, Japanese, Simplified Chinese, Korean, Traditional Chinese, and Spanish. Because NSX Intelligence localization utilizes the browser language settings, ensure that your settings match the desired language.

Document Revision History

Revision Date



August 15, 2023


Initial edition.

August 25, 2023


Added known issue 3262210.

Resolved Issues

  • Fixed Issue 3034560: Kafka logs filled up the ephemeral storage causing the Kafka pods to be restarted.

    The /opt/kafka/log directory became full causing the Kafka pod to be restarted with the message: Pod ephemeral local storage usage exceeds the total limit of containers 1Gi. While the Kafka restarts, the system is unable to perform any activities, such as monitoring the network traffic or generating a new recommendation.

  • Fixed Issue 3046291: Recommendation jobs might fail to complete when the NSX Intelligence, NSX Network Detection and Response, and NSX Malware Prevention features are all activated.

    An NSX Intelligence recommendation job can get stuck in the ANALYSIS_IN_PROGRESS state when the NSX Intelligence, NSX Network Detection and Response, and NSX Malware Prevention features are activated on an Advance form factor. If the minimum Kubernetes cluster resource requirements are not met, the recommendation job cannot run to completion because the existing cluster resources are insufficient.

  • Fixed Issues 3095623 and 3164022: After force deleting transport nodes (TNs) that were created using Policy style API, NSX Intelligence traffic flows are not visible for any newly added TNs.

    When you use the Policy framework to configure the TNs and the policy paths contain a custom resource name, if any of those TNs are force deleted, data collection is not enabled on any newly added TNs. The old TNs will continue to send data. The NSX Data Collection group goes into an inconsistent state because the policy paths of the force deleted TNs did not get cleared.

  • Fixed Issue 3008628: In network environments that use mixed IPv4 and IPv6, some of the network traffic analytics (NTA) detection capabilities in the NSX Suspicious Traffic feature are degraded.

    In network environments that have traffic from VMs that use IPv4 and IPv6, some pods used by the NSX Suspicious Traffic feature in NSX Intelligence might fail silently and stop processing the network traffic altogether. Some anomaly detection capabilities are lost and it is possible that some anomalous activity in the network might go undetected. As a result of the missing detections, some NSX Network Detection and Response campaigns might not get created.

    The following detectors are affected: Data Upload/Download, Destination IP Profiler, DNS Tunneling, Domain Generation Algorithm (DGA), Netflow Beaconing, Port Profiler, Server Port Profiler, and Unusual Network Traffic Pattern.

Known Issues

  • Issue 3262210: Traffic flows might be visualized into only a single cluster node named Unclustered.

    When viewing the traffic flows using the Computes or Groups view visualization after upgrading to NSX Intelligence 4.1.1, the traffic flows might be displayed as one cluster node only, named Unclustered, even after a few hours since the upgrade to version 4.1.1 has completed.

    Workaround: Change the clustering mode that is used to display the traffic flows in the visualization graph. Click the clustering control icon located at the bottom right of the visualization graph and select one of the following clustering modes: by Names, by Labels, or No Clustering mode.

  • Issue 3215655: While upgrading the NSX Application Platform, some periodic NSX Intelligence cronjobs might not run if an older repository URL is blocked before the repository URL is updated to point to the new repository that contains the uploaded target version charts and images.

    Some pods might encounter the ImagePullBackoff error after the old repository URL is blocked before the repository URL is updated to point to the new repository. The NSX Application Platform upgrade might complete but certain periodic NSX Intelligence cron jobs might not be able to run after the upgrade completes.

    Workaround: Log in to the NSX Manager and use the following command to manually delete the failed or stuck jobs.

    napp-k delete job <job-name>

    Also, avoid blocking access to an older repository URL before the NSX Application Platform upgrade has completed.

  • Issue 2389691: Publish recommendation job fails with error "request payload size exceeds the permitted limit, max 2,000 objects are allowed per request."

    If you try to publish a single recommendation job that contains more than 2,000 objects, it will fail with error "request payload size exceeds the permitted limit, max 2,000 objects are allowed per request."

    Workaround: Reduce the number of objects to fewer than 2,000 in the recommendation job and retry the publication.

  • Issue 2599301: Some active sessions are not visible on the NSX Intelligence user interface for the Last 1 Hour view and are not picked up by the Recommendations module for recommending policies.

    There are active traffic flows running on compute hosts, but these traffic flows are not visible in the Last 1 Hour view on the NSX Intelligence user interface. Starting a recommendation analysis for the involved compute hosts does not generate any recommendations for those traffic flows even though those traffic flows are unsegmented.

    Workaround: Synchronize the timestamps across all the compute hosts that are exporting the network traffic flows.

  • Issue 2839668: Old traffic flow data and configuration data from the previous NSX Intelligence deployment are still displayed after NSX Intelligence is reactivated.

    If NSX Intelligence is deactivated, but the NSX Application Platform remains deployed, the old traffic flow data and configuration data from the previous NSX Intelligence deployment continue to be displayed after NSX Intelligence is reactivated. There is no easy way to clean up the old data and keep them from being displayed.

    Workaround: Contact the VMware Support team for assistance with cleaning up the old data.

check-circle-line exclamation-circle-line close-line
Scroll to top icon