Unable to change Custom T1 default firewall policy

Article ID: 317512

Products

VMware NSX
VMware Cloud on AWS

Issue/Introduction

- When attempting to change the Action of the default policy from "Allow" to "Drop" or "Reject", an error message similar to the following is seen:
  "User is not authorized to perform this operation on the application. Please contact the system administrator to get access."

Environment

VMware NSX-T Data Center
VMware NSX-T Data Center 3.x
VMC on AWS

Cause

The cloudadmin account and role do not have the privileges to update the Action for the default policy.

Resolution

This issue is resolved in SDDC versions 1.19 and newer.

Workaround:
If the SDDC version is earlier than 1.19, a new Gateway Firewall Policy can be created with either Drop or Reject as the Action.
If there are multiple T1s, a policy needs to be implemented for each additional T1.
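
An added example, not from the original article or from VMware: it builds one catch-all policy body per Tier-1 and lists any Tier-1 that still has no enabled any/any/any Drop or Reject rule scoped to it. Field names follow the NSX Policy API GatewayPolicy and Rule objects; the Tier-1 ids, policy ids, category and sequence number are assumptions chosen for illustration.

```python
# Constructed example: catch-all deny policies for custom Tier-1 gateways.
ANY = ["ANY"]
DENY_ACTIONS = {"DROP", "REJECT"}


def build_catch_all_policy(t1_id, action="DROP", sequence_number=999999):
    """Return a GatewayPolicy body that denies all traffic on one Tier-1."""
    if action not in DENY_ACTIONS:
        raise ValueError(f"action must be one of {sorted(DENY_ACTIONS)}")
    return {
        "resource_type": "GatewayPolicy",
        "id": f"{t1_id}-catch-all",                 # hypothetical naming scheme
        "display_name": f"{t1_id} catch-all {action.lower()}",
        "category": "LocalGatewayRules",            # assumed category
        # Assumed high value so the policy sorts after the other policies.
        "sequence_number": sequence_number,
        "rules": [{
            "resource_type": "Rule",
            "id": f"{t1_id}-catch-all-rule",
            "action": action,
            "source_groups": ANY,
            "destination_groups": ANY,
            "services": ANY,
            "scope": [f"/infra/tier-1s/{t1_id}"],   # applies to this Tier-1 only
            "logged": True,
        }],
    }


def is_catch_all_deny(rule, t1_path):
    """True for an enabled any/any/any Drop or Reject rule scoped to t1_path."""
    return (
        rule.get("action") in DENY_ACTIONS
        and not rule.get("disabled", False)
        and t1_path in rule.get("scope", [])
        and all(rule.get(k) == ANY
                for k in ("source_groups", "destination_groups", "services"))
    )


def t1s_missing_catch_all(t1_ids, policies):
    """List Tier-1 ids that still rely on the default Allow (order not checked)."""
    missing = []
    for t1_id in t1_ids:
        t1_path = f"/infra/tier-1s/{t1_id}"
        rules = (r for p in policies for r in p.get("rules", []))
        if not any(is_catch_all_deny(r, t1_path) for r in rules):
            missing.append(t1_id)
    return missing
```

The check does not verify rule ordering, so confirm separately that the catch-all rule is evaluated after the rules that are meant to allow traffic.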

Additional Information

Impact/Risks:
Changes to the default policy within customer Tier-1 Gateway Firewall rules cannot be made.