Error "Invalid IP mask bits specified. Number of bits provided is 0." displayed when trying to filter firewall rules by source/destination IP
Article ID: 324387
Updated On:
Products
VMware vDefend Firewall
VMware NSX
Issue/Introduction
Symptoms:
When trying to apply a firewall rule filter using a valid source/destination IP as the filtering criteria, the error "Invalid IP mask bits specified. Number of bits provided is 0." is displayed at the top of the firewall section.
the vsm.log will also contain lines similar to these:
2019-08-25 11:01:53.100 CEST WARN http-nio-127.0.0.1-7441-exec-109 RemoteInvocationTraceInterceptor:88 - Processing of VsmHttpInvokerServiceExporter remote call resulted in fatal exception: com.vmware.vshield.firewall.facade.IFirewallUIFacade.getL3Configuration InvalidNumMaskBitsException: core-services:1427:Invalid IP mask bits specified. Number of bits provided is 0.
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment
Environment
VMware NSX-T Data Center
Cause
This particular issue is triggered when firewall rules containing 0.0.0.0/0 as source/destination are in use in the environment.
These firewall rules are valid and supported but the UI currently does not handle these correctly.
These firewall rules are valid and supported but the UI currently does not handle these correctly.
Resolution
This issue is resolved in VMware NSX Data Center for vSphere 6.4.7
Workaround:
The only workaround at this point is to not use 0.0.0.0/0 as the source/destination in firewall rules.
Workaround:
The only workaround at this point is to not use 0.0.0.0/0 as the source/destination in firewall rules.
Feedback
Yes
No
Powered by
