Default CGW Firewall Rules rule re-ordering in VMC UI

Article ID: 314097

Products

VMware Cloud on AWS

Issue/Introduction

Compute Gateway (CGW) firewall rules can be added or modified in the VMC UI.

A rule created from the ADD NEW RULE button is placed at the top of the list of rules. Firewall rules are applied in order from top to bottom. To change the position of a rule in the list, select it and drag it to a new position. Click PUBLISH to publish the change.

For more details, see:
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.networking-security/GUID-A5114A98-C885-4244-809B-151068D6A7D7.html

Symptoms:
Currently, the VMC UI allows users to create user-defined rules and publish them in any order. It also allows users to move rules above or below the default rules, outside of the user-defined section.

Here is a quick illustration.
User-created rules in the VMC UI (Rule 1, 2 and 3) are initially above the "Default VTI Rule".

User-defined rules in the VMC UI moved below the "Default VTI Rule".


Cause

In the NSX Manager UI, the user-created rules are grouped under the section "Default", and the UI does not allow the rules to be moved out of this section.

However, this option is currently not available in the VMC UI, and the behavior is observed across all SDDC versions, even in M12.

Resolution

Currently, this is a known behavior, and a feature request is being raised to have it fixed in the upcoming releases.

Workaround:
Reorder the rules to restore the default rule ordering:
  • Move the re-arranged Default rules to the third slot from the bottom of the list, and click PUBLISH.
  • Then move the Default rule again to the second position from the bottom and click PUBLISH.


Additional Information

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.networking-security/GUID-A5114A98-C885-4244-809B-151068D6A7D7.html

Impact/Risks:
When user-defined rules are re-ordered below the default rules and PUBLISH is clicked, the user-defined rules get rearranged and their order is relocated. To prevent this, the rules should not be allowed to be moved out of the section. For example, user-defined rules should not be allowed to be moved below or above the default rules in the VMC UI.
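
Because rules are applied top to bottom, the ordering described above changes which rule a flow hits. The following sketch is an added example, not VMware code: it evaluates a constructed rule list first-match and reports user-defined rules that sit below a default rule. The rule fields, addresses, actions and the match-all DROP on the default rule are assumptions for illustration; only the rule names come from this article.

```python
# Added illustration: rule fields, addresses and actions are constructed,
# not the VMC/NSX schema. Only the rule names come from the article.
from ipaddress import ip_address, ip_network

# Names treated as default rules; list every default rule shown in your SDDC.
DEFAULT_NAMES = {"Default VTI Rule"}

USER_RULES = [
    {"name": "Rule 1", "src": "10.0.0.0/24", "dst": "192.168.20.0/24", "action": "ALLOW"},
    {"name": "Rule 2", "src": "10.0.1.0/24", "dst": "192.168.10.0/24", "action": "ALLOW"},
    {"name": "Rule 3", "src": "10.0.2.0/24", "dst": "192.168.30.0/24", "action": "DROP"},
]
# A match-all DROP is an assumption made so the ordering effect is visible.
DEFAULT_RULE = {"name": "Default VTI Rule", "src": "0.0.0.0/0",
                "dst": "0.0.0.0/0", "action": "DROP"}

INTENDED = USER_RULES + [DEFAULT_RULE]    # user rules above the default rule
REORDERED = [DEFAULT_RULE] + USER_RULES   # user rules dragged below it


def first_match(rules, src, dst):
    """Return (name, action) of the first rule, top to bottom, matching the flow."""
    for rule in rules:
        if (ip_address(src) in ip_network(rule["src"])
                and ip_address(dst) in ip_network(rule["dst"])):
            return rule["name"], rule["action"]
    return None, "NO_MATCH"


def misplaced_user_rules(rules):
    """Return names of user-defined rules positioned below any default rule."""
    seen_default = False
    misplaced = []
    for rule in rules:
        if rule["name"] in DEFAULT_NAMES:
            seen_default = True
        elif seen_default:
            misplaced.append(rule["name"])
    return misplaced


if __name__ == "__main__":
    flow = ("10.0.1.5", "192.168.10.7")  # constructed sample flow
    for label, rules in (("intended", INTENDED), ("reordered", REORDERED)):
        print(label, first_match(rules, *flow), misplaced_user_rules(rules))
```

Running the same check against the rule order as it appears in the UI before and after PUBLISH shows whether a publish left user-defined rules outside their section.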