[VMC on AWS] Unable to access services in the SDDC after an SDDC upgrade to 1.20
Article ID: 329950
Products
VMware Cloud on AWS
Issue/Introduction
This article provides a workaround for restoring access to services within the SDDC.
Symptoms:
The SDDC has been upgraded to version 1.20 or newer.
After the upgrade, previously accessible services can no longer be reached.
When viewing the "Rule Hits Statistics" for the firewall rule, the Hits and Sessions counts are zero (0).
The logs do not show any traffic hitting the firewall rule.
Modifying the firewall rule does not resolve the issue.
Cause
This is caused by the rule being disabled during the SDDC upgrade. When upgraded to version 1.20 or newer, any disabled rules will continue to be disabled on NSX, regardless of the rule's enablement state in the NSX UI.
Resolution
There is currently no resolution for this known issue. A future version of the SDDC bundle will include a fix for this issue.
Workaround: There are currently two workarounds for this issue.
1. Clone the affected firewall rule.
   a. Verify the affected firewall rule is "Enabled".
   b. Click on the firewall rule and select "Clone".
   c. Once cloned, name the rule and keep the rule "Enabled".
   d. The originally problematic firewall rule can be deleted once the new rule has been verified to work.
2. Create a new firewall rule with the required settings.
   a. Once the new rule has been created, the affected rule can be deleted.
Additional Information
Impact/Risks: Customers will be blocked from accessing specific SDDC services that were accessed via a specific MGW Firewall rule prior to the SDDC upgrade.