Alarm for gateway_firewall.service_router_with_gfw_per_edge_exceeded

Article ID: 378458

Products

VMware vDefend Firewall

Issue/Introduction

Event ID: gateway_firewall.service_router_with_gfw_per_edge_exceeded

Added in release: 9.0.0

Alarm Description:

  • Purpose: The number of Tier0/Tier1 Logical Routers or bridges on the edge that have the Gateway Firewall feature enabled with non-zero rules has exceeded the maximum limit.
  • Impact: Dataplane functions may be impacted due to high scale. Configuration may take longer to be realized.

Environment

VMware NSX Data Center 9.0.0

Cause

The number of T0/T1s has scaled beyond the allowed limits.

Note: For optimal performance and throughput, follow the guidelines below, which are based on the vDefend 9.0.0 Configuration Limits.

| Edge Form Factor | Max number of Gateway Firewalls | Description |
|---|---|---|
| Medium | 5 | Deployed either as T0, T1 or Bridge mode on the same edge node |
| Large or Extra Large | 10 | Can be a combination of either T0, T1, or Bridges. If using only L4/L7 without ATP, you can deploy up to 25 Firewalls |
| Baremetal | 25 | Can be a combination of either T0, T1, or Bridges. If using only L4/L7 without ATP, you can deploy up to 100 Firewalls |

Resolution

Reduce the number of gateways configured on the edge node. Map additional gateways to a new edge in the cluster.

Disable the Gateway Firewall feature on the gateway if no firewall rules are configured.