Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-10-2014 02:52 AM
Hi PA-Admins,
we installed a VM-100 (version 6.0.2) in our ESXi environment. By accident we forgot to disable vmotion for the VM and the VM moves from one host to others...
I thought vmotion is not supported but our VM-100 is still running and the licenses are valid.
from the Virtualization_Admin_Guide_6.0:
System Requirements and Limitations
This section lists requirements and limitations for the VM-Series firewall on VMware vSphere Hypervisor (ESXi).....
....
-vMotion of the firewall is not supported
from the VM-Series_Deploymnt-RevA
The authcode is tied to the Universally Unique ID (UUID). If the firewall is cloned, the UUID will change and the license will become invalid. Moving the firewall from one host to another will not change the UUID (only the CPUID) and therefore the license will remain valid.
So what is now truth?
07-10-2014 04:39 AM
Hello Hithead,
Its possible to move firewall with option "guest was moved", that way it will not change UUID. This appears to be different than vmotion.
I checked multiple documents and found Vmotion is not supported,
Does it change UUID or CPUID when host changes VM[through vmotion]? IF NO, then there might be some changes in ESXi that id didnt change them. So, thats why licenses are valid.
Regards,
Hardik Shah
07-10-2014 07:42 AM
V-motion does not change the identities that the license keys off of in the PA VM. So it does "work" to allow the v-motion.
However, using the VM-100 in a V-motion environment is not a supported feature by PA. So if you have this configured and encounter an issue, PA support will have you turn this off.
I would exclude the vm-100 from v-motion just to keep things on the safe side. Although I see v-motion as low risk, Storage v-motion with the logging environment of the vm-100 should be avoided as a higher risk operation.
07-11-2014 05:00 AM
thanks. I will check it and take a look. Also I like to restart the VM at another host. Just to be sure.
07-11-2014 11:35 AM
Hello Hithead,
Things doesnt matter a long as UUID doesnt change. As steven said, Vmotion will work, but not supported.
Regards,
Hardik Shah
07-14-2014 07:09 AM
The license key is bonded to the CPUID and UUID...(if I want to register a new VM, both values are required)...Anyway, I will check the days if VMotion works or not. Just to be double sure.
07-15-2014 05:20 AM
hello,
tried VMotion and it seems to work. The licenses are still valid, also when you restart the VM on another host.
But for PAN-Support we bounded it to the original ESXi Host.
thx
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
