Unable to change Custom T1 default firewall policy
Article ID: 317512
Products
VMware NSX
VMware Cloud on AWS
Issue/Introduction
- When attempting to change the Action of the default firewall policy on a custom T1 from "Allow" to "Drop" or "Reject", an error message similar to the following is seen:
  - User is not authorized to perform this operation on the application. Please contact the system administrator to get access.
Environment
VMware NSX-T Data Center
VMware NSX-T Data Center 3.x
VMC on AWS
Cause
The cloudadmin account and role do not have the privileges to update the Action for the default policy.
Resolution
This issue is resolved in SDDC versions 1.19 and newer.
Workaround:
If the SDDC version is earlier than 1.19, a new Gateway Firewall Policy can be created with either Drop or Reject as the Action.
If there are multiple T1s, a policy needs to be implemented for each additional T1.
Additional Information
Impact/Risks: Changes to the default policy within customer Tier-1 Gateway Firewall rules cannot be made.