Issue with creation of new stateful mode firewall rule for an edge in a Data Center group in VMware Cloud Director
Article ID: 393149
Updated On:
Products
Issue/Introduction
- After creating a new firewall rule for VMware Cloud Director edge with stateful mode enabled which is a part of a Data Center group, the edge displays as stateless mode in NSX-T manager.
- Gateway Firewall Rule Section not created in Stateful mode for Data Center Group Edges.
Environment
VMware Cloud Director 10.6.1
Cause
This issue is caused by the stateful firewall not being enabled when the edge gateway is created in the Datacenter Group
Resolution
This issue is resolved in VMware Cloud Director 10.6.1.1 and is available at Broadcom Downloads.
Workaround
The workaround available for the the issue is to create the edge gateway with stateful mode enabled in the Organization Virtual Data Center before adding the edge gateway as a part of Datacenter group in VMware Cloud Director UI.
After the edge gateway is created please add the firewall rules to the edge gateway you can then add the edge to a datacenter group.
To verify if the firewall rules are in stateful mode:
Go to NSX Manager UI > Security > Policy Management > Gateway Firewall > Gateway Specific Rules > Gateway Name.
Note: Please be advised that any Edge Gateways created within a Data Center Group and not directly within an Organization Virtual Data Center (OVDC) and then imported to a Data Center Group must be re-deployed in order to enable the creation of firewall rules in stateful mode this also applies to Edge Gateways created prior to upgrading to VMware Cloud Director 10.6.1.1.
Feedback
