NSX 3.2.0.x allows service to be ANY if Context Profile is FTP
Article ID: 322595
Products
VMware vDefend Firewall
Issue/Introduction
Symptoms:
- An NSX-T 3.2.0.x Distributed Firewall (DFW) rule is configured with an FTP context profile and the service is set to ANY.
- This configuration is invalid in versions prior to 3.2.0.x and in newer versions.
- After an upgrade from 3.2.0.x to a newer version, rules cannot be added or modified.
- An error is shown in the NSX UI after the NSX upgrade when you attempt to add or modify any rules.
Environment
VMware NSX-T Data Center 3.x
Cause
In NSX-T Data Center 3.2.0.x, a validation was missed, which allowed an FTP context profile rule to be set without the service type.
Resolution
This is a known issue impacting NSX-T Data Center 3.2.0.x.
This issue is not present in versions before or after NSX-T Data Center 3.2.0.x.
Workaround:
Delete the FTP context profile firewall rule or modify the rule and change the service from ANY.
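To locate the rules that need the workaround, the following added example (not part of the original article and not VMware code) scans exported DFW policy JSON for rules that reference an FTP context profile while the service is ANY. The field names (`services`, `profiles`, `attributes`, `APP_ID`) are assumed to follow the NSX Policy API rule and context profile objects, and all sample data is constructed.

```python
# Added example: flag DFW rules that pair an FTP context profile with service ANY.
# Assumption: JSON field names follow NSX Policy API rule/context-profile objects.

def ftp_profile_paths(context_profiles):
    """Return paths of context profiles whose APP_ID attribute includes FTP."""
    paths = set()
    for prof in context_profiles:
        for attr in prof.get("attributes", []):
            if attr.get("key") == "APP_ID" and "FTP" in attr.get("value", []):
                paths.add(prof["path"])
    return paths

def find_invalid_rules(policies, context_profiles):
    """Return (policy, rule) names where an FTP profile is used with service ANY."""
    ftp_paths = ftp_profile_paths(context_profiles)
    hits = []
    for policy in policies:
        for rule in policy.get("rules", []):
            # Assumption: a missing or empty services list is treated as ANY.
            services = rule.get("services") or ["ANY"]
            uses_ftp = ftp_paths.intersection(rule.get("profiles", []))
            if uses_ftp and "ANY" in services:
                hits.append((policy["display_name"], rule["display_name"]))
    return hits

# Constructed sample data, shaped like exported policy objects.
SAMPLE_PROFILES = [
    {"path": "/infra/context-profiles/ftp-profile",
     "attributes": [{"key": "APP_ID", "value": ["FTP"]}]},
    {"path": "/infra/context-profiles/ssl-profile",
     "attributes": [{"key": "APP_ID", "value": ["SSL"]}]},
]
SAMPLE_POLICIES = [
    {"display_name": "App-Tier", "rules": [
        {"display_name": "allow-ftp-any", "services": ["ANY"],
         "profiles": ["/infra/context-profiles/ftp-profile"]},
        {"display_name": "allow-ftp-svc", "services": ["/infra/services/FTP"],
         "profiles": ["/infra/context-profiles/ftp-profile"]},
        {"display_name": "allow-ssl-any", "services": ["ANY"],
         "profiles": ["/infra/context-profiles/ssl-profile"]},
    ]},
]

if __name__ == "__main__":
    for pol, rule in find_invalid_rules(SAMPLE_POLICIES, SAMPLE_PROFILES):
        print(f"Invalid FTP/ANY rule: policy={pol!r} rule={rule!r}")
```

Running the check before upgrading from 3.2.0.x gives a list of rules to delete or modify while rule edits are still accepted.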