[VMC on AWS] Unable to access services in the SDDC after an SDDC upgrade to 1.20

Article ID: 329950

Products

VMware Cloud on AWS

Issue/Introduction

This article provides a workaround for restoring access to services within the SDDC.

Symptoms:
The SDDC has been upgraded to version 1.20 or newer. 
After the upgrade, services that were previously accessible can no longer be reached. 
When viewing the "Rule Hits Statistics" for the firewall rule, the Hits and Sessions count is zero (0). 
The logs do not show any traffic hitting the firewall rule. 
Modifying the firewall rule does not resolve the issue.

Cause

This is caused by the rule being disabled during the SDDC upgrade.
When upgraded to version 1.20 or newer, any disabled rules will continue to be disabled on NSX, regardless of the rule's enablement state in the NSX UI.

Resolution

There is currently no resolution to this known issue. A future version of the SDDC bundle will include a fix for this issue.

Workaround:
There are currently two workarounds for this issue. 
  1. Clone the affected firewall rule. 
    1. Verify the affected firewall rule is "Enabled". 
    2. Click on the firewall rule and select "Clone". 
    3. Once cloned, name the rule and keep the rule "Enabled". 
    4. The originally problematic firewall rule can be deleted once the new rule has been verified to work. 
  2. Create a new firewall rule with the required settings. 
    1. To create a new rule, follow the process documented in "Add or Modify Compute Gateway Firewall Rules".
    2. Once the new rule has been created, the affected rule can be deleted. 


Additional Information

Impact/Risks:
Customers will be blocked from accessing specific SDDC services that were accessed via a specific MGW firewall rule prior to the SDDC upgrade.