Publishing firewall rules after upgrading to NSX-v 6.3.5 fails
Article ID: 321269
Updated On:
Products
VMware NSX for vSphere
Issue/Introduction
Symptoms:
- Publishing Distributed Firewall rules after upgrading to NSX-v 6.3.5 fails.
- Rule creation with "Applied To" as NSX-ESG-Gateway with non-default Direction values can no longer be published.
- Attempting to publish a firewall rule results in an error similar to:
' Publishing of rule set has failed. Please see the tech support logs.
[Error Details: Invalid direction value : out at index 16, rule type : LAYER3]'
In this example the issue is with firewall rule 16, and the Direction is set to 'Out'.
Environment
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.2.x
Cause
This issue occurs because In NSX-v 6.3.5, rule enforcement is more stringent where 'Applied To' includes the NSX-ESG-Gateway.
Resolution
To resolve this issue, consider the following:
- DFW rules cannot specify 'In' or 'Out' when 'Applied To' includes NSX-ESG-Gateway.
- This does not apply to firewall rules, where destination is only 'Distributed Firewall'.
- On rules that specify 'In' or 'Out' on Direction, where 'Applied To' includes NSX-ESG-Gateway, change Direction to 'In/Out'.
Feedback
Yes
No
Powered by
