Publishing firewall fails when a firewall rule in the universal section is applied to a specific Security Group in NSX

Article ID: 324797

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
When adding a distributed firewall rule to a universal section, if the rule is applied to a specific Security Group, the Publish operation will provide an error message:

Publishing firewall rule fails.

Environment

VMware NSX for vSphere 6.3.x

Cause

The publish operation does succeed, but the NSX Manager is unable to update the status of the firewall due to a transaction timing issue.

Resolution

This issue is resolved in VMware NSX for vSphere 6.4.0, available at VMware Downloads.

Workaround:
To work around this issue and clear this message from the GUI, resync the NSX-prepared clusters that use the Distributed Firewall.

To resync the firewall at the cluster level from NSX, navigate to:
Network and Security > Installation > Host Preparation > Select a Cluster > Actions > Force Sync Services > Check the "Firewall" box > click OK.