Modify DFW rules in NSX-T with Terraform greater than 0.13.4 leads to incorrect placement of rules
search cancel

Modify DFW rules in NSX-T with Terraform greater than 0.13.4 leads to incorrect placement of rules

book

Article ID: 322406

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • You are using terraform to apply NSX-T configurations.
  • You are using NSX-T terraform provider less than 3.3.2.
  • When you apply DFW rules using H-API the rules get placed incorrectly in the middle of the policy.
  • If you add the rule sequence number, the rules get placed correctly at the bottom of the policy.
  • Whereas when adding rules in terraform version 0.13.4 and no sequence number, the rules would be placed correctly at the bottom of the policy.


Environment

VMware NSX-T

Cause

If no sequence number is provided, the rule_id is used, under certain conditions, this can lead to incorrect rule placement.

Resolution

This issue is resolved in NSX-T terraform provider 3.3.2, whereby a more robust solution is in place to ensure correct rule placement.

Workaround:
Please use the sequence number when updating DFW rules.

Powered by Wolken Software