Alarm for number of rules on an edge has exceeded the maximum limit (20,000)


Article ID: 369482


Products

VMware NSX Firewall, VMware vDefend Firewall

Issue/Introduction

Event ID: gateway_firewall.rules_limit_per_edge_exceeded

Added in release: 4.2.1

Alarm Description:

  • Purpose: The number of rules on the edge has exceeded the maximum limit (20,000)
  • Impact: Dataplane functions may be impacted at this scale, and the time needed for configuration to be realized on the edge will be significantly longer.

Environment

VMware NSX-T Data Center 4.2.1

Cause

The number of rules on an edge has exceeded the limit of 20,000.

Resolution

Reduce the number of gateway firewall rules configured for the edge node.

Log in to the Edge node and run the NSX CLI command 'get firewall <interface_uuid> ruleset <rules/stats>' to check the number of rules configured on each interface, then reduce the number of rules configured on those interfaces.

The total rule limit covers all rule types on the edge: gateway firewall rules, bridge firewall rules, NAT rules, LB rules, IPsec rules and SI rules (in the case of HCX).

If there are excessive LB rules, consider moving the load balancer to another edge.
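As an added example (not VMware's code and not the NSX CLI), the following Python models the capacity check behind this alarm: it totals the rule categories listed above across an edge's interfaces, compares the total with the 20,000 limit, and maps the dominant category to the remediation in this article. The interface names, rule counts and the 80 % warning threshold are constructed assumptions.

```python
"""Capacity check for the NSX per-edge rule limit (20,000).

Added illustration, not VMware code. The per-interface counts below are
constructed sample data that an operator would collect from the
'get firewall <interface_uuid> ruleset stats' output; the CLI output
format itself is not modelled here.
"""
from collections import defaultdict

RULE_LIMIT_PER_EDGE = 20_000   # limit stated by the alarm
WARN_FRACTION = 0.8            # assumed early-warning threshold (80 %)
# Every rule type that counts toward the per-edge total (from the article)
CATEGORIES = ("gateway_fw", "bridge_fw", "nat", "lb", "ipsec", "si")

# Constructed sample: {interface_uuid: {category: rule_count}}
SAMPLE_EDGE = {
    "if-a-0001": {"gateway_fw": 7000, "nat": 2500, "lb": 9000},
    "if-b-0002": {"gateway_fw": 1200, "ipsec": 400, "lb": 600},
}


def check_edge(rules_by_interface, limit=RULE_LIMIT_PER_EDGE, warn=WARN_FRACTION):
    """Return (status, total, per_category) for one edge node.

    status is 'ok', 'warning' (at or above warn*limit) or 'exceeded' (> limit).
    """
    per_category = defaultdict(int)
    for iface, counts in rules_by_interface.items():
        for category, count in counts.items():
            if category not in CATEGORIES:
                raise ValueError(f"unknown rule category {category!r} on {iface}")
            per_category[category] += count
    total = sum(per_category.values())
    if total > limit:
        status = "exceeded"
    elif total >= warn * limit:
        status = "warning"
    else:
        status = "ok"
    return status, total, dict(per_category)


def suggest_action(status, per_category):
    """Map the dominant rule category to the article's remediation."""
    if status == "ok":
        return "no action"
    dominant = max(per_category, key=per_category.get)
    if dominant == "lb":  # article: excessive LB rules -> move the load balancer
        return "move the load balancer to another edge"
    return f"reduce {dominant} rules on the busiest interfaces"


if __name__ == "__main__":
    status, total, per_category = check_edge(SAMPLE_EDGE)
    print(status, total, per_category, "->", suggest_action(status, per_category))
```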