Excessive logging by pfp_insert_ruleid in vmkernel when a DFW rule including multiple services with the same port and protocol is configured
Article ID: 325090

Products

VMware NSX

Issue/Introduction

  • The vmkernel.log file on the ESXi host shows the following log entries:
    2018-09-11T19:20:36.453Z cpu2:2157823)pfp_insert_ruleid: Error Inserting rule Curr 1019, new 1019
    2018-09-11T19:20:36.453Z cpu2:2157823)pfp_insert_ruleid: Error Inserting rule Curr 1019, new 1019
  • The above message may be logged continuously in the vmkernel.log file, which leads to decreased log retention.
  • The Distributed Firewall (DFW) rule configuration on the ESXi host shows the same port and protocol duplicated within the rule (in the example below, TCP port 443 appears twice in rule 1019):
    vsipioctl getrules -f <filter> | grep 1019
      rule 1019 at 1 inout protocol tcp from any to any port 443 accept;
      rule 1019 at 2 inout protocol tcp from any to any port 443 accept;

Environment

VMware NSX for vSphere 6.4.x

Cause

The issue occurs because the DFW rule configured in NSX Manager contains multiple services that reference the same port and protocol. The message is logged each time the DFW detects the duplicate rule configuration.

The issue can occur when using the Application Rule Manager feature if multiple services are defined in NSX Manager for the same port and protocol.
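To confirm the condition described above before upgrading, the duplicate entries can be detected from the `vsipioctl getrules` output, and the flooding rule can be traced from the vmkernel.log messages. The following is an added example (not VMware's code); the getrules output and log excerpt are constructed, and the `ruleset domain-c7` name is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed samples (not captured from a real host): getrules output and a vmkernel.log excerpt.
SAMPLE_RULES = """\
ruleset domain-c7 {
  rule 1019 at 1 inout protocol tcp from any to any port 443 accept;
  rule 1019 at 2 inout protocol tcp from any to any port 443 accept;
  rule 1019 at 3 inout protocol tcp from any to any port 8443 accept;
  rule 1020 at 4 inout protocol udp from any to any port 53 accept;
  rule 1020 at 5 inout protocol tcp from any to any port 53 accept;
}
"""

SAMPLE_LOG = """\
2018-09-11T19:20:36.453Z cpu2:2157823)pfp_insert_ruleid: Error Inserting rule Curr 1019, new 1019
2018-09-11T19:20:36.453Z cpu2:2157823)pfp_insert_ruleid: Error Inserting rule Curr 1019, new 1019
2018-09-11T19:20:37.101Z cpu2:2157823)pfp_insert_ruleid: Error Inserting rule Curr 1019, new 1019
"""

RULE_RE = re.compile(r"^\s*rule (?P<id>\d+) at (?P<pos>\d+) (?P<body>.+);\s*$")
LOG_RE = re.compile(r"pfp_insert_ruleid: Error Inserting rule Curr (\d+), new (\d+)")

def find_duplicate_entries(getrules_output):
    """Map rule id -> [(match body, [positions])] for bodies repeated within one rule id."""
    # Entries of one rule id that differ only in their 'at N' position are the duplicate services.
    bodies_by_rule = defaultdict(lambda: defaultdict(list))
    for line in getrules_output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # ruleset headers, braces and comments carry no rule entry
        bodies_by_rule[m["id"]][m["body"]].append(int(m["pos"]))
    return {
        rule_id: [(body, pos) for body, pos in bodies.items() if len(pos) > 1]
        for rule_id, bodies in bodies_by_rule.items()
        if any(len(pos) > 1 for pos in bodies.values())
    }

def count_insert_errors(vmkernel_log):
    """Count pfp_insert_ruleid collisions (Curr == new) per rule id in a vmkernel.log excerpt."""
    counts = Counter()
    for line in vmkernel_log.splitlines():
        m = LOG_RE.search(line)
        if m and m.group(1) == m.group(2):
            counts[m.group(1)] += 1
    return counts

if __name__ == "__main__":
    print(find_duplicate_entries(SAMPLE_RULES))
    print(dict(count_insert_errors(SAMPLE_LOG)))
```

Run it against a saved `vsipioctl getrules -f <filter>` capture and a vmkernel.log excerpt to see which rule id carries the duplicated service and how often it is hit.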

Resolution

This issue is resolved in VMware NSX for vSphere 6.4.5.