Publishing fails after updating/creating distributed firewall rules
search cancel

Publishing fails after updating/creating distributed firewall rules

book

Article ID: 338620

calendar_today

Updated On:

Products

VMware NSX VMware vDefend Firewall

Issue/Introduction

After updating or creating a distributed firewall rule the publish fails with the error "Must be a valid IPv4 or IPv6 address (with or without prefix length) or hyphenated range.

Environment

VMware NSX Data Center for vSphere 6.4.x

Cause

Due to this issue, comma separated lists of IP, IP ranges or CIDR notation are currently not accepted as a valid source/destination for distributed firewall rules

Examples of not accepted sources/destinations:
  • 192.168.1.1, 192.168.1.5
  • 10.5.10.1-10.5.10.10, 10.5.20.1
  • 192.168.20.0/24, 10.20.1.0/24

Resolution

This issue is resolved in VMware NSX Data Center for vSphere 6.4.7 and later versions

To work around the issue, either:

  • Adjust the affected rules to use IP-Sets instead of comma separated lists
  • Adjust the affected rules to have one IP per line instead of all IPs in one line