View the unsupported list of features or actions.
The following list contains features or actions that are currently not supported:
-
For virtual entities like VMs, VMware vCenter, NSX-T, and so on, the following intents don't work:
- Duplicate IP Address
- Duplicate MAC Address
- HSRP/VRRP Active STP Root Colocation
- HSRP/VRRP Configuration Error
- Port Channel Member Mismatch
- STP Path Cost Method Inconsistency
- All STIG intents
-
For Cisco Bridge Virtual Interface (BVI), the Duplicate IP Address intent might trigger false positive alerts for all the BVI member interfaces which share the same IP address.
-
vRealize Network Insight supports only Per VLAN Spanning Tree (PVST) protocol for HSRP/VRRP Active STP Root Colocation intent.
-
For Cisco ASA devices, the Default Password Existence intent doesn't raise an alert even though the default password is in use. This is because passwords in Cisco ASA configuration is unavailable in plain text and a same password carries different encrypted values for different users.
-
In the Application Summary widget, the Intents count shows as two even when no intent is set for applications.
- In the VeloCloud Edge Summary widget, the Intents count shows as two even when no intent is set for VMware SD-WAN.
-
End-to-end path search involving Cisco ACI and VMware NSX-T data sources does not work in the network map.
-
The autocomplete feature is not supported for IPv6 addresses.
- Cisco ASA redundant interfaces are not included in Port Channel Member Mismatch intent check as the redundant interface to member interface mapping is not supported in vRealize Network Insight.
- If you sort firewall rules using Comment filter and if that rule comment contains double quote (''''), then you see Invalid query format in "Firewall Rule Comment is set" as double quote ('''') in a firewall rule comment is not supported in vRealize Network Insight.
- In the Network Map, when you search for Path that involves Cisco ASA BVI interfaces, you see an incomplete path as Cisco ASA BVI interfaces are not supported in Network Map.
- vRealize Network Insight currently shows only first 25 alerts per intent.
- For Cisco ASR1000, the following intents are not supported:
- STP Path Cost Method Inconsistency
- HSRP/VRRP Active And STP Root Co-location
- Data collection does not collect the inventory from Kubernetes clusters managed by Tanzu Kubernetes Grid Integrated Edition when the last action is in failed state.
- Deactivate the Tanzu Kubernetes Grid Integrated Edition data source in vRealize Network Insight while upgrading the Tanzu Kubernetes Grid Integrated Edition and re-enable it after the upgrade is successful.
- NSX-T Federation behavior with Advanced license:
NSX-T Federation is not supported with advanced license. Hence, vRealize Network Insight continues to treat NSX-T federated objects as local objects and due to this, you may see the following behavior:
- As stretched networking is not supported, duplicate flows can be displayed.
- VM-VM path does not consider stretched entities and an unknown path message is displayed when VMs are across sites.
- If the networking for the VMs within the site is managed by the VMware NSX-T Federation Local manager (LMs), it works as expected.
- If the networking for a site is managed by the VMware NSX-T Federation Global Managers (GMs) (like the Layer 2 network created by GM for a specific site), then even within site VM-VM path does not work.
- Global entities cannot be searched.
- You can see a reference to a global entity in some other Policy entities. If you click this entity, a Feature Not Supported message is displayed.
- GMs can not be added as a data source in vRealize Network Insight. All the VMware NSX-T Federation related data is fetched from the LMs.
- NSX-T Federation behavior for an advance license user upgrading from an earlier version of vRealize Network Insight to advance license version 6.4 and above:
- The global entities that were searchable before the upgrade, will not be searchable after the upgrade.
- After the upgrade, site tagged flows are deleted after a certain duration of time and duplicate flows can appear.
- Some entities can have stale references to the Global Entities, for example, policy groups can have references to global groups, or local firewall rules can have references to the global firewall rules. Clicking these references displays a standard not supported by license message.
-
In the Network Map, path search does not work if VMware NSX Edge VM is connected to NVDS.
-
For devices that do not support CDP and LLDP protocols, Port Channel Member Mismatch intent does not generate alerts if:
- Neighbor devices with inconsistent port-channel configuration make one or more member ports inactive
- There is no ARP table entry pointing to an interface that is not a member of any port-channel, but its neighbor is member of a port-channel
-
The Port Mode Mismatch intent might generate false positive alerts for Cisco ASA devices if VLAN sub-interfaces are configured at port channels.
-
If Panorama fails to commit configuration changes to a Palo Alto gateway, vRealize Network Insight continues to use the latest configuration present in Panorama, which may not be in sync with the policies enforced by the Palo Alto gateway.
-
The paths via tunnels if the ECMP (Equal Cost Multi Path routing) is enabled, may overlap with each other.
-
In case of Federation, vCenter must be added as a compute manager in VMware NSX-T for the global entity enrichment to work properly.
VMware NSX-T Federation Global Managers (GMs) can not be added as a data source in vRealize Network Insight. All the VMware NSX-T Federation related data is fetched from the VMware NSX-T Federation Local manager (LMs).
-
Some complex VM-VM paths in a VMware NSX-T Federation setup may exhibit cross-lines. Use the path labels to understand the path topologies for such paths.
-
Firewall masking event does not work for the Global firewall rule and the Applied To field is missing for Global Gateway Firewall Rules.
-
ServiceNow changed the data-modelling and storing of data for the applications discovered by the Service Mapping plugin with the Discoverable by Service Mapping configuration option. This change is not supported in vRealize Network Insight for ServiceNow based application discovery. vRealize Network Insight still supports applications discovered by Service Mapping with the Manual Endpoint configuration option.
-
Global Rules spanning across site do not show up in VM-VM path.
-
Invalid credentials error can occur on the VMware NSX-T data source if the VMware NSX-T added to vRealize Network Insight is upgraded.
Workaround: Re-enter the credentials.
-
When HSRP/VRRP interfaces at two devices are configured with the same matching Virtual IP address but have the protocol Group ID misconfigured, the HSRP/VRRP Configuration Error intent misclassifies that as "2 Active Master interfaces", instead of classifying it as 'Master interface doesn't know Standby'.
-
You cannot edit the SD-WAN Edge Uplink Utilization intents if you have set the is outside range threshold condition under the exception category.
Workaround: Re-enter the same values for is outside range condition.
-
When the content of an open alert changes, vRealize Network Insight does not show the new value in the alert details.
-
In the Network Map, the entity details window of the distributed switches does not show alerts that are originated from intents.
-
You cannot see the unprotected flows for the Kubernetes service in the Micro-Segmentation Planning page.
- With the release of vSphere 7.x, some vRealize Network Insight features stop to work in 6.x versions due to vSphere Tanzu. For more information, see the KB article 78492.
- Spanning Tree Protocol (STP) support in vRealize Network Insight is only limited to Cisco Per-VLAN Spanning Tree Protocol (PVSTP).
- vRealize Network Insight recommends configuring unique FQDN hostnames on host entities (like UCS Blades or servers) for proper interpretation of underlying host entities. Absence of unique FQDN hostnames may lead to incorrect association of VMs to underlying similar hostnames.
- Unable to change the IP address of a Federation instance after it is configured in Federation.
WorkaroundUnpair the instance and reconfigure it with the required IP address.
- If a Federation instance is in the disconnected state, the Unpair option is deactivated.
- For some time the values of the Federation page Key Performance Indicators (KPI) are inconsistent when compared to the values in the entity details page or the actual instance. This is because the polling frequencies of Federation page KPIs are different.
- vRealize Network Insight does not support Federation as a search query and the time range selection for this query. Federation page always shows the present data.
- In the Federation page, the deployment widget shows new changes after one minute as the response time for the Deployments widget is cached for one minute.
- Any Federation instance that is unreachable for more than 24 hours, is not shown in the Environment widget of the Federation page.
- Path search in Network Map does not return any results if Check Point VRRP virtual IP is used as the source address.
- In the Federation page, the Platform Capacity section includes unknown flows with internet flows and east-west flows for the deployed instances.
- Flow based link inference algorithm of vRealize Network Insight used by Network Assurance and Verification (NAV) can show incorrect links between a pair of devices when unsupported devices are present between the pair. These incorrect links can cause Loop Detection intent to generate false alerts.
-
Known limitations for IPv6 addresses:
- Online upgrade and support tunnel for pure IPv6 and dual-stack setup is not certified.
- vRealize Network Insight does not support the change of IP family from IPv4 to IPv6 and conversely.
- vRealize Network Insight does not support webhooks for IPv6 and dual-stack.
- When you add VMware NSX-T Manager using the Certificate (Principal Identity) authentication method, NSX Intelligence integration does not work with the principal identity user.
- vRealize Network Insight fails to collect data for some
show
commands using SSH from devices (such as Arista switches). The fail happens ifenable
password is configured for the device and the password prompt shows up when the user account attempts to enter theenable
mode.