[VMC on AWS] Gateway Firewall status in the Failed state

Article ID: 317506

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

This article explains the cause of, and the remediation steps for, a Gateway Firewall status of Failed in VMware Cloud on AWS.

Symptoms:
  • The Compute Gateway Firewall status in NSX is in the Failed state.
  • The North-South connectivity from/to the VMs behind the Compute Gateway router may be impacted.
  • Creating new firewall rules and updating existing firewall rules does not work.
  • The SDDC is version 1.22. 


Cause

There is a gradual memory leak in the NSX Firewall service affecting NSX 4.1.0 in SDDC version 1.22.

Resolution

This issue is resolved in SDDC version 1.22v8 and all 1.24 versions.

Workaround:
The current workaround is to perform an NSX Edge failover. To have this workaround applied, please open a ticket with the VMware Cloud support team (see "How do I get support").

Additional Information

Impact/Risks:
While in the failed state, north/south traffic may be impacted and will not work until the workaround is applied. 
Also, new firewall rules, or updates to existing firewall rules, may not work in this state. 
The workaround will impact north/south traffic for a brief period of time, even if it was not impacted due to this issue.