[HCI-VN] Distributed Firewall sets a Deny rule on groups, but mutual access between virtual machines in the same group is also blocked
Problem Description
On version 6100, the Distributed Firewall has no rule set for traffic within the same VM Group.

However, pings between virtual machines in the same group are blocked.

Effective Troubleshooting Steps
- First, open the interception log to check which policy intercepted the traffic; it is the second one in the figure above.

- View the source of the rule, the test network group.

  I found that there was a Shut Down virtual machine whose name, IP and MAC were the same as those of one of the virtual machines that the office network group pinged.

- Confirm that one of the virtual machines that ping each other in the customer scenario is backed up from the Shut Down virtual machine. The problem is solved.

Root Cause
The Distributed Firewall rules are set on VM Groups. The underlying principle is that interception is based on the VM IP. The IP of the deleted VM is the same as the IP of the source VM, so the source VM is also intercepted.
Solution
- Set the effective domain of the interface.
- Delete and shut down unnecessary virtual machines.
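
The root cause above can be modelled in a few lines: a group resolves to the IPs of its members, so a stale duplicate sitting in another group makes the Deny rule match traffic inside one group. This is an added example, not the product's implementation; the inventory, the rule shape (deny from the test group to the office group) and all function names are assumptions.

```python
from collections import defaultdict

# Constructed inventory for illustration; not exported from a real platform.
INVENTORY = [
    {"name": "office-vm1", "ip": "10.0.0.11", "mac": "02:00:00:00:00:11", "state": "running", "group": "office"},
    {"name": "office-vm2", "ip": "10.0.0.12", "mac": "02:00:00:00:00:12", "state": "running", "group": "office"},
    # Stale copy: same name, IP and MAC as office-vm2, shut down, still in the "test" group.
    {"name": "office-vm2", "ip": "10.0.0.12", "mac": "02:00:00:00:00:12", "state": "shut down", "group": "test"},
    {"name": "test-vm1", "ip": "10.0.0.21", "mac": "02:00:00:00:00:21", "state": "running", "group": "test"},
]
# Assumed rule shape: deny traffic from the "test" group to the "office" group.
DENY_RULE = {"action": "deny", "src_group": "test", "dst_group": "office"}


def group_ips(inventory, group):
    """Resolve a VM group to IPs. Power state is ignored, as in the root cause."""
    return {vm["ip"] for vm in inventory if vm["group"] == group}


def rule_matches(inventory, rule, src_ip, dst_ip):
    """True if the packet's addresses fall inside the rule's resolved groups."""
    return (src_ip in group_ips(inventory, rule["src_group"])
            and dst_ip in group_ips(inventory, rule["dst_group"]))


def find_collisions(inventory):
    """Report IPs and MACs shared by VMs that sit in different groups."""
    findings = []
    for key in ("ip", "mac"):
        seen = defaultdict(list)
        for vm in inventory:
            seen[vm[key]].append(vm)
        for value, vms in seen.items():
            groups = sorted({vm["group"] for vm in vms})
            if len(groups) > 1:
                stale = sorted(vm["group"] for vm in vms if vm["state"] != "running")
                findings.append({"field": key, "value": value,
                                 "groups": groups, "stale_in": stale})
    return findings


if __name__ == "__main__":
    # office-vm2 pings office-vm1: same group, yet the deny rule matches.
    print(rule_matches(INVENTORY, DENY_RULE, "10.0.0.12", "10.0.0.11"))
    for finding in find_collisions(INVENTORY):
        print(finding)
```

Running the same check after dropping the shut-down copy from the inventory shows the rule no longer matching the office-to-office ping.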