Unable to modify a parameter for rules under the "Default Layer3 Section" in DFW in NSX-T on Manager mode.
search cancel

Unable to modify a parameter for rules under the "Default Layer3 Section" in DFW in NSX-T on Manager mode.

book

Article ID: 345924

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

  • To unblock the customer if a situation as above may arise.


Symptoms:
  • Unable to modify a parameter for rules under the "Default Layer3 Section" in DFW in NSX-T on Manager mode.


Environment

VMware NSX-T Data Center

Cause

  • In a situation where customer has upgraded from a 2.x version to 3.x version of NSX-T, the rules that were created on NSX 2.x version, under the default section are now reflecting under the default section on the Manager UI, and these rules cannot be modified.
  • Staring from Grindcore (NSX T 3.0.0) Default Sections are owned by the Policy manager, and this read only option on the Manager UI is an expected behaviour. Modification on the Manger Ui are not permitted.
Note: It is recommended to not add any rules under the default section.

Resolution

  • This situation does not need a code change. This is an expected behaviour. Apply the workaround described in the relevant section.


Workaround:
  • We can use the below API call to modify the parameters in the default section on the Manager Ui.
  •        api/v1/firewall/sections/<default section id>/rules/<rule id>
  • Upon doing a GET against the above API, copy the content to a clipboard, modify the parameter that you intend to, then copy the modified content to the body of postman and do a PUT API, Add X-Allow-Overwrite: True, in the Headers section.


Additional Information

Impact/Risks:
  • We wont be able to modify any parameters from the UI, a hinderance to operations.


Powered by Wolken Software