GET /api/v1/firewall/sections?page_size=5
{
"results": [
{
"resource_type": "FirewallSection",
"id": "50a145c9-827f-4962-8028-1ab9e22f147e",
"display_name": "Default Malicious IP Block Rules",
"description": "default.default-malicious-ip-block-rules",
...
},
{
"resource_type": "FirewallSection",
"id": "4410e124-7afb-4810-b39d-06c5b7562679",
"display_name": "gsp3",
"description": "default.gsp3",
...
},
{
"resource_type": "FirewallSection",
"id": "62ed268f-e8db-4c84-bedb-9a9bcbe96094",
"display_name": "gsp2",
"description": "default.gsp2",
...
},
{
"resource_type": "FirewallSection",
"id": "d8ea8a53-c624-4390-bbe1-4fa43265932c",
"display_name": "gsp1",
"description": "default.gsp1",
...
},
{
"resource_type": "FirewallSection",
"id": "f2c6872f-5372-456d-a73c-22321d4b677a",
"display_name": "sp6",
"description": "default.sp6",
...
}
],
"result_count": 13,
"sort_by": "position",
"cursor": "0036f2c6872f-5372-456d-a73c-22321d4b677aRmlyZXdhbGxTZWN0aW9u"
}
GET /api/v1/firewall/sections?page_size=5&cursor=0036f2c6872f-5372-456d-a73c-22321d4b677aRmlyZXdhbGxTZWN0aW9u
{
"results": [
{
"resource_type": "FirewallSection",
"id": "aa610130-88bf-46f8-a813-097dc8133203",
"display_name": "sp5",
"description": "default.sp5",
...
},
{
"resource_type": "FirewallSection",
"id": "5c9df16d-d934-4454-ad1a-1f01cfbf55be",
"display_name": "sp4",
"description": "default.sp4",
...
},
{
"resource_type": "FirewallSection",
"id": "c03f8955-cfc2-42e6-8366-a42ecc88112a",
"display_name": "sp3",
"description": "default.sp3",
...
},
{
"resource_type": "FirewallSection",
"id": "5e3eb1b5-d096-4e94-8a53-5505a2b32956",
"display_name": "sp2",
"description": "default.sp2",
...
},
{
"resource_type": "FirewallSection",
"id": "fef1dac8-df3e-42d0-ae69-34e4adf5ce1c",
"display_name": "sp1",
"description": "default.sp1",
...
}
],
"sort_by": "position",
"cursor": "0036fef1dac8-df3e-42d0-ae69-34e4adf5ce1cRmlyZXdhbGxTZWN0aW9u"
}
GET /api/v1/firewall/sections?page_size=5&cursor=0036fef1dac8-df3e-42d0-ae69-34e4adf5ce1cRmlyZXdhbGxTZWN0aW9u (Last Page)
{
"results": [
{
"resource_type": "FirewallSection",
"id": "8bba3c1d-a37f-4485-9991-d92251e0b92e",
"display_name": "Policy_Default_Infra-tier1-T1-Gateway-01",
"description": "default.Policy_Default_Infra-tier1-T1-Gateway-01",
...
}
],
"sort_by": "position"
}
NSX Manager with security policies having duplicate sequence numbers.
Firewall sections are enforced based on their priority, meaning sections with smaller priority numbers are placed higher in the rule table, while those with larger priority numbers are placed lower.
A scenario where this issue could occur is when the policy manager allows security policies to have duplicate sequence numbers, which correspond to the priority numbers assigned to the firewall sections. The ListSections MP API returns a paginated view of the ordered list of firewall sections. If a page ends with a firewall section that has a duplicate priority number, the next page may skip firewall sections with the same or duplicate priority values in the API response.
Another scenario involves having two or more logical routers created via MP APIs, which results in a system-generated default Layer 3 gateway section for each gateway with a fixed default priority value. The ListSections MP API supports fetching all Layer 3 firewall sections, including DFW and GFW enforcements. In this case, the default gateway sections (applied to different gateways) will have duplicate system-assigned priority values, leading to pagination issues.
Firewall ListSections MP API is fixed in versions 4.2.1.2 and 9.0 onwards.
Since ListSections MP API is a deprecated API, it is recommended to use corresponding policy APIs to manage the security posture (e.g. GET /infra/domains/{domain-id}/security-policies to fetch ordered list of security policies).
Alternatively the below search API can be used in absence of the fix to fetch the list of firewall sections.
GET /api/v1/search/query?sort_by=id&sort_ascending=true&query=resource_type:FirewallSection
Note: This API will not be guarantee ordering based on priority number.