Symptoms:
After triggering a sync on the "Security Policies" tab of the Service Composer section an internal server occurs:

VMware NSX Data Center for vSphere 6.4.x

This issue occurs after the "Default Section" of the "Partner Services" tab of the Firewall configuration is moved and deleted.


This causes one of the present sections to become the new default section. If the corresponding security policy gets removed, the deletion of the section fails as the default section cannot be deleted.

When trying to delete the section manually via REST API (e.g. DELETE /api/4.0/firewall/globalroot-0/config/layer3redirectsections/1004) before using the workaround you will see a response like this:
<?xml version="1.0" encoding="UTF-8"?>
<error>
    <errorCode>110458</errorCode>
    <details>Default Layer3 Redirection Section cannot be deleted.</details>
    <moduleName>vShield App</moduleName>
</error>

Currently, there is no resolution.

Workaround:
Create a new section in the "Partner Services" tab and name it "Default Section". Move this section to the bottom of the list, then publish again

Impact/Risks:
In this state, no changes to service composer rules will be published.