Solaris 11 zone has no external network access (except to Global Zone)

Hi, hoping someone can help, it's been a while since I used Solaris.
After creating a NGZ (non global zone), the NGZ can access the GZ (Global Zone) and the GZ can access the NGZ (using ssh, zlogin).
However, the NGZ cannot access any other network devices, it can't even see the default router.

I have tried different methods of creating the zone (Oracle Docs - How to Configure a Zone for the Virtual Network)
but each method has the exact same result (the zone can only access the GZ and nothing else)

GZ Config
----------------
GMS-SOl114_global> ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
net0              ip         ok           --         --
   net0/v4        static     ok           --         10.100.216.12/24
   net0/v6        addrconf   ok           --         fe80::250:56ff:fe9a:d73a/10
GMS-SOl114_global>

GMS-SOl114_global> netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.100.216.1         UG       22     250653
10.100.216.0         10.100.216.12        U         9      22840 net0
127.0.0.1            127.0.0.1            UH        2      19058 lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
::1                         ::1                         UH      2    5442 lo0
fe80::/10                   fe80::250:56ff:fe9a:d73a    U       2       0 net0


GMS-SOl114_global> route -p show
add persistent net -name route-1 default: gateway 10.100.216.1


GMS-SOl114_global> cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1             localhost
127.0.0.1       localhost loghost
10.100.216.12   GMS-SOL114
10.100.216.13   zone1

GMS-SOl114_global> cat /etc/resolv.conf

#
# _AUTOGENERATED_FROM_SMF_V1_
#
# WARNING: THIS FILE GENERATED FROM SMF DATA.
#   DO NOT EDIT THIS FILE.  EDITS WILL BE LOST.
# See resolv.conf(5) for details.

search  GMS.LOCAL
nameserver      10.100.216.110

The GZ can access any external device/server/website without issues 
This is using the router 10.100.216.1         

ZONE CREATION COMMAND
----------------------------------------
GMS-SOl114_global> zonecfg -z zone1
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
create: Using system default template 'SYSdefault'
zonecfg:zone1> set autoboot=true
zonecfg:zone1> set bootargs="-m verbose"
zonecfg:zone1> select anet linkname=net0
zonecfg:zone1:anet> set lower-link=net0
zonecfg:zone1:anet> set allowed-address=10.100.216.13/24
zonecfg:zone1:anet> set defrouter=10.100.216.1
zonecfg:zone1:anet> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit


GMS-SOl114_global> zoneadm -z zone1 install
Note - no need to specify any network info when configuring Zone1 as it's already been specified

ZONE Information
---------------------------

GMS-SOl114_global>   zonecfg -z zone1 info
zonename: zone1
brand: solaris
autoboot: true
bootargs: -m verbose
anet:
        linkname: net0
        lower-link: net0
        allowed-address: 10.100.216.13/24
        configure-allowed-address: true
        defrouter: 10.100.216.1
        link-protection: "mac-nospoof, ip-nospoof"
        auto-mac-address: 2:8:20:ac:71:2d

GMS-SOl114_global> zonecfg -z zone1 info ip-type
ip-type: exclusive

ZONE Network Config
-----------------------------


GMS-SOl114_global>  dladm show-phys
LINK            MEDIA         STATE      SPEED  DUPLEX    DEVICE
net0            Ethernet      up         1000   full      e1000g0


root@zone1:~# ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
net0              ip         ok           --         --
   net0/v4        inherited  ok           --         10.100.216.13/24


root@zone1:~# netstat -r

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.100.216.1         UGZ       2         37 net0
10.100.216.0         zone1                U         6        128 net0
zone1                zone1                UH        2         36 lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
zone1                       zone1                       UH      2      44 lo0

Note that Zone1 cannot see the default gateway (10.100.216.1) 


root@zone1:~# dladm
LINK                CLASS     MTU    STATE    OVER
net0                vnic      1500   up       ?


root@zone1:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
net0                vnic      1500   up       ?

root@zone1:~#  ipadm show-if
IFNAME     CLASS    STATE    ACTIVE OVER
lo0        loopback ok       yes    --
net0       ip       ok       yes    --

root@zone1:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           inherited ok          10.100.216.13/24
lo0/v6            static   ok           ::1/128


root@zone1:~# netstat -i
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
lo0   8232 loopback      zone1          44     0     44     0     0      0
net0  1500 zone1         zone1          32479  0     248    0     0      0

Name  Mtu  Net/Dest                    Address                     Ipkts  Ierrs Opkts  Oerrs Collis
lo0   8252 zone1                       zone1                       44     0     44     0     0

root@zone1:~# route -p show
add persistent net -name route-1 default: gateway 10.100.216.1


root@zone1:~# ping  10.100.216.161
no answer from 10.100.216.161

Any advice or assistance is greatly appreciated

Configuration looks fine, can you show the output of:

dladm show-vnic

Question, are you running this on some virtualization solution (kvm/qemu, vmware, LDOM or alike)?

Regards
Peasant.


Hi and Many Thanks for replying.

This is running Solaris 11.4 (x86) on vSphere 6.5

details as requested

GZ
------------------
GMS-SOl114_global> dladm show-vnic
LINK                OVER         SPEED  MACADDRESS        MACADDRTYPE       IDS
zone1/net0          net0         1000   2:8:20:ac:71:2d   random            VID:0
zone2/net0          net0         1000   2:8:20:50:bb:57   random            VID:0
GMS-SOl114_global>

NGZ
---------
root@zone1:~# dladm show-vnic
LINK                OVER         SPEED  MACADDRESS        MACADDRTYPE       IDS
net0                ?            1000   2:8:20:ac:71:2d   random            VID:0

--- Post updated at 03:00 PM ---

Wow - Great Pointer...
Just seen that vSphere needs promiscuous mode to be enabled !!!!
If I run a snoop on net0 - networking works - so could run this as a background task but
I'm looking for a better solution

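The vSphere setting named in the last post can be applied on the hypervisor side instead of keeping snoop running in the zone. The following is an added example, not part of the thread: it uses VMware PowerCLI against a standard vSwitch and enables promiscuous mode only on a dedicated port group, so the relaxed policy covers the Solaris VM and nothing else on the switch. The server, host, vSwitch, port group and VM names are placeholders (assumptions), and a standard (non-distributed) vSwitch is assumed.

```powershell
# Added example, not from the thread. Requires the VMware PowerCLI module.
# Every name below is a placeholder (assumption); replace with your own values.
$vcenter = 'vcenter.example.local'   # vCenter or ESXi host to connect to
$esxHost = 'esx01.example.local'     # ESXi host running the Solaris VM
$vswitch = 'vSwitch0'                # standard vSwitch carrying 10.100.216.0/24
$pgName  = 'solaris-zones-pg'        # dedicated port group for the Solaris VM
$vmName  = 'solaris-gz-vm'           # VM that hosts the global zone

Connect-VIServer -Server $vcenter | Out-Null
$vmhost = Get-VMHost -Name $esxHost

# Use a dedicated port group so that only this VM sits behind the relaxed
# policy; other VMs stay on port groups where promiscuous mode is rejected.
$pg = Get-VirtualPortGroup -VMHost $vmhost -Name $pgName -Standard `
          -ErrorAction SilentlyContinue
if (-not $pg) {
    $vsw = Get-VirtualSwitch -VMHost $vmhost -Name $vswitch -Standard
    # Add -VLanId <id> here if the existing network is VLAN-tagged.
    $pg  = New-VirtualPortGroup -VirtualSwitch $vsw -Name $pgName
}

# Record the security policy before changing it.
$pg | Get-SecurityPolicy |
    Select-Object AllowPromiscuous, ForgedTransmits, MacChanges

# Enable promiscuous mode on this port group only (the setting the thread
# identifies); the other two policy values are left as they were.
$pg | Get-SecurityPolicy |
    Set-SecurityPolicy -AllowPromiscuous $true |
    Select-Object AllowPromiscuous, ForgedTransmits, MacChanges

# Attach the Solaris VM's network adapter to the dedicated port group.
Get-VM -Name $vmName | Get-NetworkAdapter |
    Set-NetworkAdapter -NetworkName $pgName -Confirm:$false
```

After the change, the ping from zone1 shown earlier in the thread can be repeated without snoop running to confirm that the zone's VNIC traffic now passes.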