• When attempting to publish DFW rule changes in NSX, the rules may remain in an "In Progress" state and do not get applied to the affected hosts as expected.
• On the impacted ESXi hosts, you may observe log entries similar to the following in the /var/run/log/nsx-syslog.log file:

2025-05-07T22:10:12.910Z cfgAgent[xxxxxxxx]: NSX xxxxx - [nsx@6876 comp="nsx-controller" subcomp="cfgAgent" tid="xxxxx" level="warn"] DaemonHealthMonitor: nsx-proxy echo timeout (60 sec)
2025-05-07T22:10:12.910Z cfgAgent[xxxxxxxx]: NSX xxxxx - [nsx@6876 comp="nsx-controller" subcomp="cfgAgent" tid="xxxxx" level="warn"] DaemonHealthMonitor: ping nsx-proxy failed

VMware NSX 3.2.1.x

The issue occurs because the Daemon Health Monitor ping requests to the "nsx-proxy" service on the ESXi host are failing. This failure disrupts the communication between the NSX Manager and the ESXi host, preventing updates such as DFW rule changes from being successfully pushed and applied.

To resolve the issue, restart the following NSX agents on the affected ESXi host one after the other. Monitor for improvements after each restart before proceeding to the next:

/etc/init.d/nsx-proxy restart
/etc/init.d/nsx-opsagent restart
/etc/init.d/nsx-cfgagent restart
/etc/init.d/nsx-nestdb restart

This should restore communication between the NSX Manager and the ESXi host, allowing DFW rule changes and other updates to be pushed and applied successfully.