The export version of Distributed Firewall must be set to 1000 on hosts before you migrate them to NSX-T Data Center. You must verify the export version and update if necessary.
This configuration is required for all migration modes (end-to-end, lift-and-shift, and in-place). It is also required even if you are not migrating the NSX-v environment but only plan to do a hot migration of VMs from NSX-v to NSX-T using vMotion.
Procedure
- ♦ For each host, complete the following steps.
- Log into the command-line interface.
- Retrieve the Distributed Firewall filter for the host.
[root@esxi:~] vsipioctl getfilters | grep "Filter Name" | grep "sfw.2" name: nic-2112467-eth0-vmware-sfw.2 name: nic-2112467-eth1-vmware-sfw.2 name: nic-2112467-eth2-vmware-sfw.2 [root@esxi:~]
- Use the filter information to retrieve the export version for the host.
[root@esxi:~] vsipioctl getexportversion -f nic-2112467-eth0-vmware-sfw.2 Current export version: 500 [root@esxi:~]
- If the version is not 1000, set the export version by using any one of the following methods:
- Method 1: Run the vsipioctl setexportversion command.
[root@esxi:~] vsipioctl setexportversion -f nic-2112467-eth0-vmware-sfw.2 -e 1000
- Method 2: Disable and then enable Distributed Firewall on the cluster.
In the vSphere Client, navigate to . Select the cluster and click . After the firewall is disabled, click .
- Method 1: Run the vsipioctl setexportversion command.
- Verify that the export version is updated.
[root@esxi:~] vsipioctl getexportversion -f nic-2112467-eth0-vmware-sfw.2 Current export version: 1000
