Attempts to delete DFW rules from the Global Manager may fail, resulting in stale UI entries.

Article ID: 408729

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

In a Federated environment, deleting a DFW rule on the Global Manager (GM) fails with the following error:

"The property children.null.children.null.SecurityPolicy.children.null.Rule.destination_groups.null must be a valid string"

Additionally, the rule itself will be greyed out.

Environment

VMware NSX-T Data Center 

VMware NSX

Cause

The Global Manager failed to fully delete the DFW rule. A log entry similar to the following appears in /var/log/gmanager/gmanager.log on the Global Manager:

[{"Rule":{"resource_type":"Rule","id":"New_Rule","path":"/global-infra/domains/default/security-policies/XXXXXXXX/rules/testing","marked_for_delete":true,"overridden":false,"sources_excluded":false,"destinations_excluded":false,"logged":false,"disabled":false,"direction":"IN_OUT"},"resource_type":"ChildRule","marked_for_delete":true,"mark_for_override":false}]
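
To list which rules have a logged delete request like the one above, the following added example (not Broadcom code) scans gmanager.log text for ChildRule payloads and reports each rule path once. It assumes the payload appears as a JSON array inside a log line; the line prefixes in the sample are constructed.

```python
import json

# Constructed sample: the line prefixes are invented; the JSON payload is the
# one quoted in this article.
PAYLOAD = '[{"Rule":{"resource_type":"Rule","id":"New_Rule","path":"/global-infra/domains/default/security-policies/XXXXXXXX/rules/testing","marked_for_delete":true,"overridden":false,"sources_excluded":false,"destinations_excluded":false,"logged":false,"disabled":false,"direction":"IN_OUT"},"resource_type":"ChildRule","marked_for_delete":true,"mark_for_override":false}]'
SAMPLE_LOG = "\n".join([
    "constructed-prefix INFO delete request " + PAYLOAD,
    "constructed-prefix INFO unrelated line with [brackets] and no payload",
    "constructed-prefix INFO delete request " + PAYLOAD,  # retry, same rule
])

def iter_json_arrays(line):
    """Yield each JSON array of objects embedded anywhere in a log line."""
    decoder = json.JSONDecoder()
    pos = line.find("[{")
    while pos != -1:
        try:
            value, end = decoder.raw_decode(line, pos)
        except json.JSONDecodeError:
            end = pos + 1  # not valid JSON here (e.g. truncated line), move on
        else:
            if isinstance(value, list):
                yield value
        pos = line.find("[{", end)

def rules_marked_for_delete(log_text):
    """Return one record per rule path that has a logged ChildRule delete."""
    found = {}
    for line in log_text.splitlines():
        for array in iter_json_arrays(line):
            for child in array:
                rule = child.get("Rule") if isinstance(child, dict) else None
                if not isinstance(rule, dict) or child.get("resource_type") != "ChildRule":
                    continue
                if child.get("marked_for_delete") and rule.get("marked_for_delete"):
                    found[rule.get("path")] = {
                        "id": rule.get("id"),
                        "path": rule.get("path"),
                        # The UI error names destination_groups; record whether
                        # the logged delete payload carried that field at all.
                        "has_destination_groups": "destination_groups" in rule,
                    }
    return list(found.values())

if __name__ == "__main__":
    for record in rules_marked_for_delete(SAMPLE_LOG):
        print(record)
```

The script only reads log text; its output is a list of rule paths to attach to the support case.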

Resolution

A cleanup is required. Contact Broadcom ANS vDefend support.
See Creating and managing Broadcom support cases for details on opening a case. 

Additional Information

Impact/Risks:
You may not be able to delete or create new DFW rules until you delete the stale entries.