Alarm for number of rules on an edge is approaching the maximum limit (20,000)

Article ID: 369481

Products

VMware NSX Firewall
VMware vDefend Firewall

Issue/Introduction

Event ID: gateway_firewall.rules_limit_per_edge_approaching

Added in release: 4.2.1

Alarm Description:

  • Purpose: The number of rules on the edge is approaching the maximum limit (20,000).
  • Impact: Dataplane functions may be impacted at this scale, and the time needed for configuration to be realized will increase significantly.

Environment

VMware NSX-T Data Center 4.2.1

Cause

The number of rules on an edge has scaled close to the limit of 20,000.

Resolution

Reduce the number of gateway firewall rules configured for the edge node.

Log in to the Edge node and run the NSX CLI command 'get firewall <interface_uuid> ruleset <rules/stats>' to check the number of rules configured on each interface. Reduce the number of rules configured on those interfaces.

The total rule limit includes all rule types: gateway firewall rules, bridge firewall rules, NAT rules, LB rules, IPsec rules, and SI rules (in the case of HCX).

If there are excessive LB rules, consider moving the load balancer to another edge.
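The following is an added example, not VMware code or output: it totals per-interface rule counts across every category that counts toward the per-edge limit, reports the remaining headroom, and ranks the contributors. The interface names and counts are constructed; in practice they would come from the 'get firewall <interface_uuid> ruleset stats' output, and the 90% warning ratio is an assumption (the article only states that the alarm fires as the limit is approached).

```python
from collections import Counter

EDGE_RULE_LIMIT = 20_000

# Every rule category that counts toward the per-edge limit (per the article).
COUNTED_CATEGORIES = ("gateway_fw", "bridge_fw", "nat", "lb", "ipsec", "si")

# Constructed sample inventory: interface_uuid -> {category: rule count}.
SAMPLE_EDGE = {
    "iface-a": {"gateway_fw": 6_200, "nat": 1_100, "lb": 4_500},
    "iface-b": {"gateway_fw": 3_900, "bridge_fw": 250, "ipsec": 300},
    "iface-c": {"gateway_fw": 1_450, "lb": 1_600, "si": 120},
}


def rule_usage(edge, limit=EDGE_RULE_LIMIT, warn_ratio=0.9):
    """Aggregate all counted rule categories for one edge.

    Returns the total, the headroom left under the limit, whether the
    (assumed) warning ratio has been crossed, and the categories ranked by
    contribution so the largest one (e.g. LB) can be targeted first."""
    by_category = Counter()
    for iface, counts in edge.items():
        for category, n in counts.items():
            if category not in COUNTED_CATEGORIES:
                raise ValueError(f"unknown rule category {category!r} on {iface}")
            by_category[category] += n
    total = sum(by_category.values())
    return {
        "total": total,
        "headroom": limit - total,
        "approaching": total >= limit * warn_ratio,
        "by_category": by_category.most_common(),
    }


def gateway_fw_only(edge):
    """Count only gateway firewall rules: the undercount an operator gets
    when NAT, LB, IPsec, bridge and SI rules are ignored."""
    return sum(c.get("gateway_fw", 0) for c in edge.values())


if __name__ == "__main__":
    usage = rule_usage(SAMPLE_EDGE)
    fw_only = gateway_fw_only(SAMPLE_EDGE)
    print(f"total={usage['total']} headroom={usage['headroom']} approaching={usage['approaching']}")
    print(f"gateway fw only: {fw_only} (undercounts by {usage['total'] - fw_only})")
    for category, n in usage["by_category"]:
        print(f"  {category:<10} {n:>6}")
```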