• Unable to view DFW rules in vCloud Director
• Get the following error when trying to view Distributed Firewall Rules in VCD: Unable to parse Uniform Resource Name (URN) ID: 'urn:vcloud:firewallGroup:internal'
• Viewing the Distributed Firewall rules via the following API also returns the same error: /cloudapi/1.0.0/vdcGroups/{vdcGroupId}/dfwPolicies/{policyId}/rules
• Viewing the rules in NSX works fine

VMware Cloud Director 10.6.1

This issue occurs when there are Distributed Firewall rules that use Groups that were not created in VCD

Verify if the Datacenter Groups in VCD UI match the Groups in NSX UI:

• NSX UI > Security > Distributed Firewall > Default_VdcGroup_<vdc_group_name>
• VCD UI > Datacenter Group > Security > IP Sets/Static Group/Dynamic Group

Ensure that only Groups made/visible in VCD are used in the DFW rules in that Data Center Group

To get the full list of the Datacenter Groups, run the following command via SSH to the Primary Cell: 

sudo -i -u postgres psql vcloud -c "select * from firewall_group where vdc_group_id = '########-####-####-####-############';"

The vdc_group_id can be found from the URL when the Datacenter Group is clicked and should be like: urn:vcloud:vdcGroup:########-####-####-####-############