• When attempting to apply a Default Application port profile to an Edge Gateway, an error similar to the following is encountered:
  
  Error occurred in the backing network provider: Unsupported App Level Gateway (ALG) Type : MS_RPC_TCP., error code 515009
  
  

• VMware Cloud Director 10.5.1
• VMware Cloud Director 10.5.1.1
• VMware Cloud Director 10.6.0.1

• This issue occurs due to limitations in NSX and can be noted by the trailing error code xxxxx.

The backing NSX infrastructure limits the built-in App Level Gateway (ALG) items that can be assigned to gateway firewalls, as noted in the following document:

https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-1/administration-guide/inventory/add-a-service.html

"Note:
The following built-in ALGs for DFW are supported: FTP, TFTP, MS_RPC_TCP, MS_RPC_UDP, ORACLE_TNS, SUN_RPC_TCP and SUN_RPC_UDP.
The following built-in ALGs for Gateway Firewall are supported: FTP and TFTP."

Assigning an unsupported ALG via VMware Cloud Director to the Edge Gateway Firewall will fail in the underlying NSX implementation, resulting in this error. This includes assigning a service that contains an unsupported ALG service entry, as in the following example:

If alternate existing Default Application port profiles cannot provide the desired configuration, a custom application port profile can be created in VMware Cloud Director:

Add an Application Port Profile to a Data Center Group in the VMware Cloud Director Tenant Portal

Examples of ALG service port replacements can be found in the following article:

Unable to create Compute Gateway Firewall rule with the error "Unsupported App Level Gateway (ALG) Type" on VMware Cloud on AWS