- Identity Firewall (IDFW) can be enabled normally in the console, but its status always shows as disabled. Attempting to enable it when it is already enabled displays an error, although IDFW otherwise functions normally. The observed error message is as follows:
"Error: Cannot create an object with /infra/settings/firewall/idfw/cluster/89e6cce0-ddb7-4470-9fd6-2e9d7xxxxxx:domain-cXX as it already exists. (Error code: 500157)"
- While the UI indicates that IDFW is disabled, the following API call shows that it is actually enabled on the backend for the cluster:
{
  "results": [
    {
      "cluster_idfw_enabled": true,
      "member": {
        "target_id": "89e6cce0-ddb7-4470-9fd6-2e9d7xxxxxx:domain-cXX",
        "target_type": "VC_Cluster"
      },
NOTE: Despite this error, the Distributed Firewall (DFW) policy can still be configured using IDFW.