DFW and Gateway Firewall(GFW) rule stats display 0 in NSX-T Federation
search cancel

DFW and Gateway Firewall(GFW) rule stats display 0 in NSX-T Federation

book

Article ID: 416783

calendar_today

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

  • NSX-T version 9.0 is being used.
  • The NSX-T infra is Federated
  • While checking the NSX-T UI in either Local Manager or Global Manager there are 0 stats displayed for the DFW/GFW rules 
  • While checking the DFW/GFW stats for specific rules using API, the hit counts are incrementing

GET /policy/api/v1/infra/domains/default/security-policies/<PolicyID>/rules/<RuleID>/statistics

  • From the ESX host the user observes that the DFW rule stats increment.
  • From the NSX-T edge node the user observes the GFW rule stats increment.

Environment

VMware vDefend 9.0

Cause

  • The DFW/GFW rule statistics are not displayed in the NSX-T UI due to API returning an incorrect enforcement_point information

Expected enforcement_point:  /global-infra/sites/site1/enforcement-points/default

Actual enforcement_point:  /infra/sites/default/enforcement-points/default

Resolution

This issue is resolved in VMware NSX-T version 9.0.1.0

Powered by Wolken Software