Uninstall an east-west traffic introspection service.

As part of uninstalling an east-west service, you need to delete the east-west policy, the deployed partner service, the service chain, the service profile, and the service segment.

Procedure

  1. With admin privileges, log in to NSX Manager.
  2. Verify that NSX Manager is in Policy mode.
  3. To delete a policy, select Security → East West Security → Network Introspection (E-W).
  4. Select the east-west policy, click the vertical ellipses, and click Delete Policy.
  5. Click Publish.
  6. To delete a partner service, select System → Service Deployments.
  7. Select the partner service, click the vertical ellipses and click Delete.
  8. Click Delete to complete the process.
  9. To delete an east-west service chain, select Security → Settings → Network Introspection Settings → Service Chain.
  10. Select the service chain, click the vertical ellipses and click Delete.
  11. To delete an east-west service profile, select Security → Settings → Network Introspection Settings → Service Profile.
  12. Select the service profile, click the vertical ellipses and click Delete.
  13. To delete an east-west service segment, select Security → Settings → Network Introspection Settings → Service Segment.
  14. Select the service segment, click the vertical ellipses and click Delete.
  15. If issues related to the east-west service persist even after it is uninstalled from the NSX Manager UI, call the following API.
    1. (Prior to NSX-T Data Center 3.1) Disable the service by setting global_status to Disabled.
    2. Call the following API.
      PUT https://<nsx-manager-ip>/policy/api/v1/infra/settings/service-insertion/security/status
      {
          "north_south_enabled": true,
          "east_west_enabled": false,
          "resource_type": "PolicySIStatusConfiguration",
          "id": "status",
          "display_name": "status",
          "path": "/infra/settings/service-insertion/security/status",
          "relative_path": "status",
          "parent_path": "/infra",
          "unique_id": "caf620e9-405f-4533-81ab-2bd5df733364",
          "marked_for_delete": false,
          "overridden": false,
          "_create_user": "system",
          "_create_time": 1646684124017,
          "_last_modified_user": "system",
          "_last_modified_time": 1646687791212,
          "_system_owned": false,
          "_protection": "NOT_PROTECTED",
          "_revision": 0
      }
    3. If the transport nodes where the east-west service is deployed are not connected to an overlay network, N-VDS switch ports block traffic from being redirected to the east-west service. To unblock the N-VDS switch ports, remove the extra service insertion settings on the N-VDS switch by running the following CLI command.
      net-dvs -u com.vmware.port.extraConfig.serviceInsertion.gvm -p <N-VDS_Switch_ID> nsxvswitch
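
The PUT body shown in step 15 carries values that belong to one particular deployment (unique_id, _revision, the timestamps) and sets north_south_enabled to true. The following is an added example, not code from the original page or from VMware: it reads the live status object first and writes it back with only east_west_enabled changed. The function names, the use of HTTP basic authentication, a GET on the same path, and the ca_file parameter are assumptions.

```python
import base64
import json
import ssl
import urllib.request

# Path taken from the PUT call in step 15.
STATUS_PATH = "/policy/api/v1/infra/settings/service-insertion/security/status"


def build_disable_ew_body(current):
    """Copy the live status object and turn off east-west only."""
    if current.get("resource_type") != "PolicySIStatusConfiguration":
        raise ValueError("unexpected resource_type: %r" % current.get("resource_type"))
    if not isinstance(current.get("_revision"), int):
        raise ValueError("live object carries no _revision; refusing to guess one")
    body = dict(current)  # keeps this manager's own unique_id, _revision, timestamps
    body["east_west_enabled"] = False  # the only intended change
    return body


def _call(url, auth, ca_file, method="GET", body=None):
    # Assumption: ca_file holds the CA that signed the NSX Manager certificate,
    # so certificate and hostname verification stay enabled.
    ctx = ssl.create_default_context(cafile=ca_file)
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": auth, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.loads(resp.read().decode())


def disable_east_west(manager, user, password, ca_file):
    """Read-modify-write; returns the status object as stored by the manager."""
    # Assumption: HTTP basic auth and a GET on the same path are available.
    auth = "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    url = "https://%s%s" % (manager, STATUS_PATH)
    current = _call(url, auth, ca_file)
    if current.get("east_west_enabled") is False:
        return current  # already disabled, nothing to write
    return _call(url, auth, ca_file, "PUT", build_disable_ew_body(current))
```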