Symptoms:
The following conditions are met:
- Container environments running NSX Container Plugin (NCP) 2.5.0
- When a Security Policy is created, updated and then updated again to restore the original configuration, the final configuration change is not reflected on the NSX-T DFW
Example scenario
- Create a Security Policy
e.g. Allow traffic on port 443
The Distributed Firewall Section and Rule is confirmed to be present in NSX-T
- Edit the Security Policy
e.g. Change the allowed traffic from port 443 to port 80
The Distributed Firewall Rule is updated in NSX-T
- Edit the Security Policy to change it back to the original configuration
In this example the Security Policy is changed to allow traffic on port 443
The DFW Rule is not updated in NSX-T and continues to show the last edit, allow port 80