Publishing fails after updating/creating distributed firewall rules
book
Article ID: 338620
calendar_today
Updated On:
Products
VMware NSXVMware vDefend Firewall
Issue/Introduction
After updating or creating a distributed firewall rule the publish fails with the error "Must be a valid IPv4 or IPv6 address (with or without prefix length) or hyphenated range.”
Environment
VMware NSX Data Center for vSphere 6.4.x
Cause
Due to this issue, comma separated lists of IP, IP ranges or CIDR notation are currently not accepted as a valid source/destination for distributed firewall rules
Examples of not accepted sources/destinations:
192.168.1.1, 192.168.1.5
10.5.10.1-10.5.10.10, 10.5.20.1
192.168.20.0/24, 10.20.1.0/24
Resolution
This issue is resolved in VMware NSX Data Center for vSphere 6.4.7 and later versions
To work around the issue, either:
Adjust the affected rules to use IP-Sets instead of comma separated lists
Adjust the affected rules to have one IP per line instead of all IPs in one line