You are using NSX with distributed firewall (DFW).
Creating DFW policies via the UI or API fails with the following error:
"Current configuration changes exceeds the safe publish limits. Please publish the rules or save them as a draft."
or
"Error: Invalid sequence_number X,XXX,XXX passed. Valid values are between 0-999,999 (Error code: 500157)"
Checking the "sequence_number" via the API (GET /policy/api/v1/infra/domains/{domain-id}/security-policies) shows values close to, or beyond, the maximum allowed sequence number of 999,999.
VMware NSX 4.X
This occurs because the maximum allowed sequence number of 999,999 has been reached or exceeded, so policy creation fails.
A sequence number gap is left between policies so that new policies can be inserted between existing ones.
In environments with a large number of policies, the default gap is too large, and the maximum allowed sequence number is reached.
To resolve this issue, use the API call below to create a new policy with the revise flag, which resequences the existing policies and reduces the size of the gap:
POST - https://<policy>/policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>?action=revise&operation=insert_top
{
}
Example:
POST - https://<policy>/policy/api/v1/infra/domains/default/security-policies/TEST_POLICY?action=revise&operation=insert_top
{
}
Command from the NSX Manager:
curl -k -u admin -H "Content-Type:application/json" -X POST 'https://localhost/policy/api/v1/infra/domains/default/security-policies/TEST_POLICY?action=revise&operation=insert_top' -d '{ }'
Sequence numbers can be set per policy to 50 or more. Revising the order is a manual process performed on each policy with a PUT API call. The steps are as follows:
1: Gather all the policy details:
GET https://<nsx_manager>/api/v1/infra/domains/default/security-policies
2: Get details of specific policy:
GET https://<nsx_manager>/api/v1/infra/domains/default/security-policies/<policy_id>
3: Copy the result of this GET into the body of the following command, changing the sequence number to the desired value, for example: "sequence_number": 75,
4: Change the GET to a PUT to update the policy:
PUT https://<nsx_manager>/api/v1/infra/domains/default/security-policies/<policy_id>
5: Use the GET API again to confirm the sequence number has been updated:
GET https://<nsx_manager>/api/v1/infra/domains/default/security-policies/<policy_id>
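The manual steps 1-5 above, as an added Python example that is not part of the original article: it plans new sequence numbers for every policy in a domain with a fixed gap (50 by default), then runs the GET/PUT/GET cycle per policy, sending the object back unchanged except for "sequence_number". The session object (a requests.Session with NSX credentials and TLS settings already configured), the "results" key in the list response, and the policy API base path are assumptions to verify against your NSX version.

```python
def plan_resequence(policies, gap=50, start=0):
    """Given the 'results' list from GET .../security-policies, return
    [(policy_id, old_seq, new_seq)] that keeps the current relative order
    but spaces policies 'gap' apart, well below the 999,999 ceiling."""
    ordered = sorted(policies, key=lambda p: (p.get("sequence_number", 0), p["id"]))
    return [(p["id"], p.get("sequence_number"), start + i * gap)
            for i, p in enumerate(ordered)]


def max_planned_sequence(plan):
    """Highest sequence number the plan would assign (0 for an empty plan)."""
    return max((new for _, _, new in plan), default=0)


def apply_resequence(session, base_url, domain, plan, dry_run=True):
    """Steps 2-5 per policy: GET the full object, change only sequence_number,
    PUT it back (the _revision from the GET travels with it), GET to confirm.
    'session' is assumed to behave like an authenticated requests.Session."""
    path = f"{base_url}/policy/api/v1/infra/domains/{domain}/security-policies"
    changed = []
    for policy_id, old_seq, new_seq in plan:
        if old_seq == new_seq:
            continue  # already in place, no write needed
        url = f"{path}/{policy_id}"
        body = session.get(url).json()
        body["sequence_number"] = new_seq
        if dry_run:
            print(f"would PUT {policy_id}: {old_seq} -> {new_seq}")
            continue
        session.put(url, json=body).raise_for_status()
        confirmed = session.get(url).json().get("sequence_number")
        if confirmed != new_seq:
            raise RuntimeError(f"{policy_id}: expected {new_seq}, read back {confirmed}")
        changed.append(policy_id)
    return changed


if __name__ == "__main__":
    # Constructed sample: three policies whose default gaps have nearly
    # exhausted the 0-999,999 range.
    sample = [
        {"id": "POLICY_C", "sequence_number": 999_000},
        {"id": "POLICY_A", "sequence_number": 10},
        {"id": "POLICY_B", "sequence_number": 500_000},
    ]
    for entry in plan_resequence(sample):
        print(entry)
```

Run with dry_run=True first and compare the printed plan against the policy order shown in the UI before writing anything back.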