Firewall rule statistics show as 0 in the NSX UI when using NSX 4.1.2 or NSX 4.1.2.1

Article ID: 314277

Products

VMware NSX

Issue/Introduction

Symptoms:
  • You are using NSX 4.1.2 or NSX 4.1.2.1
  • The Advanced Load Balancer (ALB) is configured in the NSX UI.
  • You are unable to view firewall rule statistics such as hit counts and session counts in the NSX UI in policy mode; they are reported as 0.
  • Distributed firewall (DFW) and Gateway firewall (GWFW) are affected.


Environment

VMware NSX-T Data Center
VMware NSX-T Data Center 4.x

Cause

This is a known issue in NSX 4.1.2 and 4.1.2.1.
  • When an ALB appliance is deployed in the environment, there is more than one enforcement point: alb-endpoint and default.
  • The UI passes alb-endpoint in the rule statistics API call.
  • The rule statistics API expects the default enforcement point and hence returns 0 results.

Resolution

This issue is resolved in NSX 4.1.2.3

Workaround:
To work around this issue, use the following API call as an alternative and specify the enforcement_point_path:

For example:
GET https://<NSXMgr>/policy/api/v1/infra/domains/default/security-policies/<section_name>/rules/<rule_name>/statistics?enforcement_point_path=/infra/sites/default/enforcement-points/default
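
The workaround call scripted in Python, as an added example that is not part of the original article or VMware code: it builds the URL with the default enforcement point pinned and reads hit and session counts from the response. The host name, policy and rule identifiers, HTTP basic authentication, the sample response and the response field names (results, enforcement_point, statistics, hit_count, session_count) are assumptions.

```python
import base64
import json
import urllib.request
from urllib.parse import quote, urlencode

# Enforcement point named in the workaround above.
DEFAULT_EP = "/infra/sites/default/enforcement-points/default"

def rule_stats_url(manager, policy_id, rule_id, domain="default", ep_path=DEFAULT_EP):
    """Build the rule statistics URL with an explicit enforcement_point_path."""
    path = "/policy/api/v1/infra/domains/{}/security-policies/{}/rules/{}/statistics".format(
        quote(domain, safe=""), quote(policy_id, safe=""), quote(rule_id, safe=""))
    query = urlencode({"enforcement_point_path": ep_path}, safe="/")
    return "https://{}{}?{}".format(manager, path, query)

def fetch_rule_stats(manager, policy_id, rule_id, user, password, **kw):
    """GET the statistics (assumes the manager accepts HTTP basic authentication)."""
    req = urllib.request.Request(rule_stats_url(manager, policy_id, rule_id, **kw))
    token = base64.b64encode("{}:{}".format(user, password).encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarize(body):
    """Map each enforcement point to (hit_count, session_count).

    The field names read here are assumptions about the response shape.
    """
    out = {}
    for entry in body.get("results", []):
        stats = entry.get("statistics", {})
        out[entry.get("enforcement_point", "unknown")] = (
            stats.get("hit_count", 0), stats.get("session_count", 0))
    return out

# Constructed sample response, for offline use only.
SAMPLE = {"result_count": 1, "results": [{
    "enforcement_point": DEFAULT_EP,
    "statistics": {"hit_count": 1287, "session_count": 14,
                   "packet_count": 90211, "byte_count": 7340032}}]}

if __name__ == "__main__":
    # nsx.example.test, web-tier and allow-https are placeholder names.
    print(rule_stats_url("nsx.example.test", "web-tier", "allow-https"))
    print(summarize(SAMPLE))
```

Comparing these counts with the UI before retiring a rule that appears unused avoids acting on the zeros reported by the affected versions.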