Unable to manage NSX Distributed Firewall rules after upgrading to VMware Cloud Director 10.6
search cancel

Unable to manage NSX Distributed Firewall rules after upgrading to VMware Cloud Director 10.6

book

Article ID: 411394

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

Cannot manage NSX-V DFW rules in the VMware Cloud Director UI after upgrading from 10.5.1 to 10.6.x versions.

  • "Security" tab is not enabled in an NSX-V backed Org VDC.
  • "Manage Firewall" operations are not available for tenants in an NSX-V backed Org VDC
  • VMware Cloud Director was recently upgraded from 10.5.x to 10.6.x

Environment

VMware Cloud Director 10.6.x

Cause

This is a known issue in VMware Cloud Director 10.6.x versions.

Changes in VMware Cloud Director 10.6 versions to enable the Three-Tier Tenancy model inadvertently removed the "Security" tab from NSX-V backed Organizations.

Resolution

The Engineering team is aware of this issue and plans to address it in an upcoming release of Cloud Director.

Additional Information

As a workaround, the APIs can be used to manage the Distributed Firewall and Distributed Firewall Rules for NSX-V enabled OVDCs.

Example:  Enabling a DFW on a OVDC:

  https://{{VCD_HOST}}/network/firewall/vdc/{{vdc_id}}.

Once the DWF is enabled, rules can also be added utilizing the APIs.

Full API Guide can be found here: NSX Distributed Firewall Service

------------------------------------------------------------

The capability to manage the distributed firewall that were behind the "Security" tab under "Networking" have been moved to the Data Centre Group for NSX-T as per documentation at

Add a Distributed Firewall Rule to a Data Center Group with an NSXNetwork Provider Type in the VMware Cloud Director Tenant Portal

Powered by Wolken Software