The status of gateway FW rules is stuck in "in progress" state
Article ID: 324389
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
- The Gateway firewall rule status is "In progress"
- There is no impact on the dataplane and the firewall rules are correctly applied.
- In the NSX-T Manager log (/var/log/proton/nsxapi.log) you can see the similar entries:
2021-03-25T16:24:47.196Z INFO FullSyncMsgLoader FirewallSectionFullSyncMessageProvider - FIREWALL [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Firewall is disabled for LogicalRouter b955628f-3559-48b0-921e-edeae6200aaa associated to this section FirewallSection/0173d997-a197-4bf7-9bcf-017b39ea2bbb, sending delete section message
2021-03-25T05:47:50.335Z INFO http-nio-127.0.0.1-7440-exec-22 NsxBaseRestController - - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Error in API /nsxapi/api/v1/firewall/sections/0173d997-a197-4bf7-9bcf-017b39ea2bbb/state caused by exception com.vmware.nsx.management.firewall.exceptions.FirewallException: {"moduleName":"NSX Firewall","errorCode":100251,"errorMessage":"Firewall is disabled. Can not get realization status."}
Environment
VMware NSX-T Data Center
Resolution
From NSX-T 3.1.0, the product has been improve to not report "In Progress" status on the Gateway Firewall when rules are disabled.
Workaround:
Ignore the "in progress" state or do not use "disabled" on firewall
Workaround:
Ignore the "in progress" state or do not use "disabled" on firewall
Additional Information
Impact/Risks:
The status reflects that some sections of firewall are in a disable state. There is no functional impact of the firewall
The status reflects that some sections of firewall are in a disable state. There is no functional impact of the firewall
Feedback
Yes
No
Powered by
