DFW Rules statistics information is not displayed in the NSX UI.
search cancel

DFW Rules statistics information is not displayed in the NSX UI.

book

Article ID: 402265

calendar_today

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

Issue:

Some Distributed Firewall (DFW) rule statistics (hit count and flow count, etc.) are not displayed in the NSX GUI.

 

Symptoms:

  • The rule is applied on the host and functions as expected.
  • Rule statistics are visible via the vsipioctl filter stats command.
  • The GET API call for the DFW rule returns the following error "Invalid Id '<name of the rule>' for 'CommunicationEntry'. It is either missing or NULL, or contains spaces or slashes or percent signs or backslashes or semicolons or made only of periods."
  • Restarting the Proton service did not resolve the issue..


Example log:


root@nsx-mngr-x:~# curl -k -u admin:'VMware1!VMware1!' \
"https://nsx-mngr-x/policy/api/v1/infra/domains/default/security-policies/NEW/rules/%E6%96%B0%E8%A6%8F%E3%83%9D%E3%83%AA%E3%82%B7%E3%83%BC/statistics?enforcement_point_path=/infra/sites/default/enforcement-points/default"
{
  "httpStatus" : "BAD_REQUEST",
  "error_code" : 500012,
  "module_name" : "Policy",
  "error_message" : "The path=[/infra/domains/default/gateway-policies/æ°è¦ããªã·ã¼] is invalid"
}

 

Environment

NSX-T Data Center 3.1.x

NSX-T Data Center 3.2.x

Cause

The X-Nsx-Context-Path header is not URL-encoded. Without proper encoding, endpoints containing special or non-ASCII characters may be rejected.

  • If such characters are included in the rule name, the statistics information for that specific rule will not be displayed.

  • If such characters are included in the policy name, the statistics information for all rules under that policy will not be displayed.



Workaround:

As a workaround, customers can use regular policy API with the contentType = application/json;charset=UTF-8 to get the data.

Example log:

 curl -k -u admin:'VMware1!VMware1!' \
  -H "Accept: application/json;charset=UTF-8" \
  -H "Content-Type: application/json;charset=UTF-8" \
  "https://nsx-mngr-01.corp.local/policy/api/v1/infra/domains/default/security-policies/NEW/rules/%E6%96%B0%E8%A6%8F%E3%83%9D%E3%83%AA%E3%82%B7%E3%83%BC/statistics?enforcement_point_path=/infra/sites/default/enforcement-points/default"


{
  "results" : [ {
    "enforcement_point" : "/infra/sites/default/enforcement-points/default",
    "statistics" : {
      "rule" : "/infra/domains/default/security-policies/NEW/rules/%E6%96%B0%E8%A6%8F%E3%83%9D%E3%83%AA%E3%82%B7%E3%83%BC",
      "internal_rule_id" : "1006",
      "packet_count" : 27,
      "byte_count" : 2696,
      "session_count" : 12,
      "hit_count" : 12,
      "l7_accept_count" : 0,
      "l7_reject_count" : 0,
      "l7_reject_with_response_count" : 0,
      "popularity_index" : 12,
      "max_popularity_index" : 627,
      "max_session_count" : 91285,
      "total_session_count" : 115903
    }
  } ],
  "result_count" : 1

Resolution

This issue is fixed in  NSX-T Data Center 3.2.5.0 and NSX-T Data Center 4.x 

Powered by Wolken Software