Gateway Firewall Settings Page Not Loading on NSX Global and Local Managers
search cancel

Gateway Firewall Settings Page Not Loading on NSX Global and Local Managers

book

Article ID: 407366

calendar_today

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

Navigating to Security → Gateway Firewall → Settings in the NSX Manager UI results in the page being stuck in a continuous loading state and never displaying the expected settings.

Environment

 VMware NSX 4.2.0 and 4.2.1.

Cause

The NSX UI fails to load the Gateway Firewall Settings page when one or more Tier-0 (T0) gateways are missing the T0SecurityConfig object or its features array.

The NSX UI expects each Tier-0 gateway to have a valid T0SecurityConfig that includes a features attribute. When this attribute is missing or empty, the UI fails to parse the configuration, and the Gateway Firewall Settings page does not render properly.

Steps to verify:

1) Collect a HAR file by using below KB while reproducing the issue:

https://knowledge.broadcom.com/external/article/378318

2) In the HAR file, locate the response to the following API requests, depending on your environment:

For Global Manager:

GET https://<NSX-Manager-IP>/global-manager/api/v1/search/aggregate?page_size=50&cursor=0&sort_by=display_name&sort_ascending=true

For Local Manager:

GET https://<NSX-Manager-IP>/policy/api/v1/search/aggregate?page_size=50&cursor=0&sort_by=display_name&sort_ascending=true

In the response content, you may observe that the security_features array under the related section is empty, For example, in the case of the Global Manager:

"primary": {
        "default_rule_logging": false,
        "_last_modified_user": "system",
        "multi_vrf_inter_sr_routing": false,
        "owner_id": "#########-####-####-####-###########",

                 .......
       
        },
        "_meta": {
          "identifier": "/global-infra/tier-0s/#########-####-####-####-###########",
          "site_ids": [
            "#########-####-####-####-###########",
            "#########-####-####-####-###########"
          ],
          "stream_tag": "search_policy",
          "is_global_object": true,
          "_last_modified_time": ##########,
          "db_identifier": "/global-infra/tier-0s/#########-####-####-####-###########",
          "has_bgp_routing_config": true
        },
        "_protection": "NOT_PROTECTED",
        "internal_transit_subnets": [
          "#.#.#.#/24"
        ],

           ..........


        "path": "/global-infra/tier-0s/#########-####-####-####-###########",
        "intersite_config": {
          "last_admin_active_epoch": #########,
          "intersite_transit_subnet": "#.#.#.#/20"
        },


       .......


        "relative_path": "#########-####-####-####-###########"
      },
      "related": [
        {
          "alias": "security_features",
          "results": [],
          "result_count": 0 <<<<< This "result_count": 0 indicates that the T0SecurityConfig is either missing or does not contain any features, which prevents the UI from rendering the firewall settings.
        }
      ]
    },

Resolution

Upgrading to NSX version 4.2.2 and later releases are recommended to resolve this issue. The upgrade ensures that all required security-config objects, including the necessary feature attributes, are properly created and handled by the system.

Powered by Wolken Software