Uninstall an east-west traffic introspection service.

As part of uninstalling an east-west service, you need to delete the east-west policy, the deployed partner service, the service chain, the service profile, and the service segment.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Verify the NSX Manager is in Policy mode.
  3. To delete a policy, select Security → East West Security → Network Introspection (E-W).
  4. Select the east-west policy, click the vertical ellipses, and click Delete Policy.
  5. Click Publish.
  6. To delete a partner service, select System → Service Deployments.
  7. Select the partner service, click the vertical ellipses and click Delete.
  8. Click Delete to complete the process.
  9. To delete an east-west service chain, select Security → Settings → Network Introspection Settings → Service Chain.
  10. Select the service chain, click the vertical ellipses and click Delete.
  11. To delete an east-west service profile, select Security → Settings → Network Introspection Settings → Service Profile.
  12. Select the service profile, click the vertical ellipses and click Delete.
  13. To delete an east-west service segment, select Security → Settings → Network Introspection Settings → Service Segment.
  14. Select the service segment, click the vertical ellipses and click Delete.
  15. If there are issues related to the east-west service even after it was uninstalled from the NSX Manager UI, perform the following steps.
    1. (Prior to NSX-T Data Center 3.1) Disable the service by setting global_status to Disabled.
    2. Call the following API.
      PUT https://<nsx-manager-ip>/policy/api/v1/infra/settings/service-insertion/security/status
      {
          "north_south_enabled": true,
          "east_west_enabled": false,
          "resource_type": "PolicySIStatusConfiguration",
          "id": "status",
          "display_name": "status",
          "path": "/infra/settings/service-insertion/security/status",
          "relative_path": "status",
          "parent_path": "/infra",
          "unique_id": "caf620e9-405f-4533-81ab-2bd5df733364",
          "marked_for_delete": false,
          "overridden": false,
          "_create_user": "system",
          "_create_time": 1646684124017,
          "_last_modified_user": "system",
          "_last_modified_time": 1646687791212,
          "_system_owned": false,
          "_protection": "NOT_PROTECTED",
          "_revision": 0
      }
    3. If the transport nodes where the east-west service is deployed are not connected to an overlay network, the N-VDS switch ports block traffic from being redirected to the east-west service. To unblock the N-VDS switch ports, remove the extra service insertion settings on the N-VDS switch by running the following CLI command.
      net-dvs -u com.vmware.port.extraConfig.serviceInsertion.gvm -p <N-VDS_Switch_ID> nsxvswitch
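
The request body in step 15.2 is a sample from one environment: sent verbatim, it would also set north_south_enabled to true and submit that system's unique_id, timestamps and _revision. The following added example (not part of the original procedure or of VMware's code) reads the live object, changes only east_west_enabled, and checks that nothing else changed. It assumes that a GET on the same path returns the current object and that HTTP basic authentication is in use; the function names and the sample object are hypothetical.

```python
import base64
import json
import urllib.request

# Path taken from the PUT call in the procedure above.
STATUS_PATH = "/policy/api/v1/infra/settings/service-insertion/security/status"

def build_put_body(current: dict) -> dict:
    """Copy the live object and change only east_west_enabled."""
    if current.get("resource_type") != "PolicySIStatusConfiguration":
        raise ValueError("unexpected resource_type: %r" % current.get("resource_type"))
    body = dict(current)
    body["east_west_enabled"] = False
    return body

def changed_keys(before: dict, after: dict) -> set:
    """Keys whose values differ, ignoring server-maintained '_' metadata."""
    keys = {k for k in before.keys() | after.keys() if not k.startswith("_")}
    return {k for k in keys if before.get(k) != after.get(k)}

def _call(method, url, user, password, body=None):
    # Assumption: basic authentication. TLS verification stays on (urllib default).
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, method=method, data=data)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}

def disable_east_west(manager, user, password):
    """Read-modify-write against a live NSX Manager (hypothetical helper)."""
    url = f"https://{manager}{STATUS_PATH}"
    before = _call("GET", url, user, password)  # assumption: GET on the same path
    if before.get("east_west_enabled") is False:
        return before  # already disabled, nothing to change
    _call("PUT", url, user, password, build_put_body(before))
    after = _call("GET", url, user, password)
    if changed_keys(before, after) != {"east_west_enabled"}:
        raise RuntimeError("unexpected change: %s" % sorted(changed_keys(before, after)))
    return after

# Constructed sample of a live object (not from a real system): north-south is
# disabled here and the revision has advanced past 0.
SAMPLE = {"north_south_enabled": False, "east_west_enabled": True,
          "resource_type": "PolicySIStatusConfiguration", "id": "status", "_revision": 7}
```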