Firewall rule migration is failing with below error in /var/log/migration-coordinator/v2t/summary.log

{
    "success_count": 734,
    "failure_count": 1,
    "errors": [
        {
            "category": "Distributed Firewall",
            "error": "HTTP Error: 400: The path=[/infra/domains/default/groups/IPSet_MP-OPERA-05_dfw_vm-13920] is invalid for url: http://localhost:6440/policy/api/v1/infra/domains/default/groups/dfw_vm-13920"
        }
    ],
    "status": "error",
    "api_count": 735,
    "iteration": 1,
    "stage": "apply"
}

VMware NSX-T Data Center

VMware NSX

The DFW plugin relies on the security group utility to create wrapper group APIs for VMs that are directly accessed in a firewall rule (source/destination/appliedTo), as these cannot be directly migrated to NSX-T. The wrapper APIs may include additional APIs, such as IPsets containing the VM's IP address referenced in the wrapper API.

If you encounter this error during a NSX V to T migration, please contact Broadcom Technical Support for assistance.

See Creating and managing Broadcom support cases for details on opening a case.