[VMC on AWS] Error observed when attempting to enable IDFW on a cluster

Article ID: 314093

Products

VMware Cloud on AWS

Issue/Introduction

  • Identity Firewall (IDFW) can be enabled normally in the console; however, its status will always show as disabled. Attempting to enable it when it is already enabled displays an error, but IDFW otherwise functions normally. The observed error message is as follows:

"Error: Cannot create an object with /infra/settings/firewall/idfw/cluster/89e6cce0-ddb7-4470-9fd6-2e9d7xxxxxx:domain-cXX as it already exists. (Error code: 500157)"

  • While the UI indicates that IDFW is disabled, the following API response shows that it is actually enabled on the backend for the cluster (the response is truncated after the member object; only the closing brackets have been restored here):

    {
      "results": [
        {
          "cluster_idfw_enabled": true,
          "member": {
            "target_id": "89e6cce0-ddb7-4470-9fd6-2e9d7xxxxxx:domain-cXX",
            "target_type": "VC_Cluster"
          }
        }
      ]
    }


Note: Despite observing this error, we can still configure the Distributed Firewall (DFW) policy using IDFW.
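Because the console and the backend disagree, the reliable way to confirm IDFW state is to read cluster_idfw_enabled from the API response rather than trust the UI toggle, and to treat the 500157 "already exists" error as confirmation that the cluster is already enabled rather than as a failure. The following is an added example written for this article, not VMware code: it parses a response body shaped like the excerpt above, recognises the error text quoted above, and reports any cluster where the UI state and the backend state differ. The response body and the second cluster id are constructed sample data, and the API endpoint that returns the body is not shown on this page, so the example assumes the body has already been fetched.

```python
import json
import re

# Constructed sample response, shaped like the excerpt in the article.
# The second cluster (domain-cYY) is hypothetical; the first is the id
# quoted on the page.
SAMPLE_IDFW_RESPONSE = json.dumps({
    "results": [
        {
            "cluster_idfw_enabled": True,
            "member": {
                "target_id": "89e6cce0-ddb7-4470-9fd6-2e9d7xxxxxx:domain-cXX",
                "target_type": "VC_Cluster",
            },
        },
        {
            "cluster_idfw_enabled": False,
            "member": {
                "target_id": "89e6cce0-ddb7-4470-9fd6-2e9d7xxxxxx:domain-cYY",
                "target_type": "VC_Cluster",
            },
        },
    ]
})

# The error text quoted in the article, used here as constructed input.
SAMPLE_ENABLE_ERROR = (
    "Error: Cannot create an object with "
    "/infra/settings/firewall/idfw/cluster/89e6cce0-ddb7-4470-9fd6-2e9d7xxxxxx:domain-cXX "
    "as it already exists. (Error code: 500157)"
)

# Error code the article shows for the "already enabled" case.
ALREADY_EXISTS_CODE = 500157

_ERR_RE = re.compile(
    r"/infra/settings/firewall/idfw/cluster/(?P<cluster>\S+) as it already exists\."
    r".*\(Error code:\s*(?P<code>\d+)\)"
)


def backend_idfw_status(response_body: str) -> dict:
    """Map each VC_Cluster target_id to its backend cluster_idfw_enabled flag."""
    data = json.loads(response_body)
    status = {}
    for entry in data.get("results", []):
        member = entry.get("member", {})
        if member.get("target_type") != "VC_Cluster":
            continue  # ignore non-cluster members, if any are present
        status[member["target_id"]] = bool(entry.get("cluster_idfw_enabled", False))
    return status


def already_enabled_cluster(error_message: str):
    """Return the cluster id when the error is the 500157 'already exists'
    case described in the article, else None (a genuine failure)."""
    m = _ERR_RE.search(error_message)
    if not m or int(m.group("code")) != ALREADY_EXISTS_CODE:
        return None
    return m.group("cluster")


def reconcile(ui_enabled: dict, response_body: str) -> list:
    """Return the cluster ids where the console state (ui_enabled maps
    cluster id -> bool as shown in the UI) disagrees with the backend."""
    backend = backend_idfw_status(response_body)
    return sorted(
        cluster for cluster, on in backend.items()
        if ui_enabled.get(cluster, False) != on
    )


if __name__ == "__main__":
    # The UI reports both clusters as disabled (the symptom in the article).
    ui = {
        "89e6cce0-ddb7-4470-9fd6-2e9d7xxxxxx:domain-cXX": False,
        "89e6cce0-ddb7-4470-9fd6-2e9d7xxxxxx:domain-cYY": False,
    }
    print("backend state:", backend_idfw_status(SAMPLE_IDFW_RESPONSE))
    print("UI/backend mismatch:", reconcile(ui, SAMPLE_IDFW_RESPONSE))
    print("enable error means already enabled on:",
          already_enabled_cluster(SAMPLE_ENABLE_ERROR))
```

Only the backend flag is authoritative here; the mismatch list is what to hand to support when asking them to confirm the feature state, since the article notes the console may keep showing disabled even after the workaround.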

Resolution

This will be resolved in an upcoming release.
Reach out to VMware Support for assistance in enabling or disabling IDFW.
After the workaround is applied, the cluster status may still show as disabled. This is a known issue. VMCS Support can confirm whether the feature is enabled or disabled.