Firewall rule statistics illustrate as 0 in the NSX UI when using NSX 4.1.2 or NSX 4.1.2.1
book
Article ID: 314277
calendar_today
Updated On:
Products
VMware NSX
Issue/Introduction
Symptoms:
You are using NSX 4.1.2 or NSX 4.1.2.1
The Advanced Loadbalancer (ALB) is configured in the NSX UI.
You are unable to view firewall rules statistics like hit counts, session counts etc. from the NSX UI in policy mode as they are reported as 0.
Distributed firewall (DFW) and Gateway firewall (GWFW) are affected.
Environment
VMware NSX-T Data Center VMware NSX-T Data Center 4.x
Cause
This is a known issue in NSX 4.1.2 and 4.1.2.1
When ALB appliance is deployed in the environment there is more than one enforcement point, i.e. alb-endpoint and default.
The alb-endpoint is getting passed during the rule stat API call from UI.
The rule stats API expects the default enforcement point and hence returns the 0 results.
Resolution
This issue is resolved in NSX 4.1.2.3
Workaround: The workaround this issue, use the following API call and specify the enforcement_point_path as alternatives:
For example: GET https://<NSXMgr>/policy/api/v1/infra/domains/default/security-policies/<section_name>/rules/<rule_name>/statistics?enforcement_point_path=/Infra/sites/default/enforcement-points/default