The default signature bundle in NSX versions 4.1.2.6 and 4.1.2.7 contains an issue preventing the IDPS (Intrusion Detection and Prevention System) engine from loading the signatures on the host.
Symptoms:
Scenario 1: New Setup (Green Field)
- Green field NSX 4.1.2.6 & 4.1.2.7 setups with IDPS enabled.
- On the ESXi host, executing "nsxcli -c get ids engine stats" shows that IDPS rules are not loaded:
NSX IDS Engine Statistics
--------------------------------------------------
uptime: 2731 (0 days 00:45:31)
app_layer:
---------
flow:
tx:
detect:
------
engines:
alerts: 0
id: 0
last_reload: 2025-12-01T21:52:56.185682+0000
packets_incoming: 0
packets_outgoing: 0
packets_reject: 0
rules_failed: 0
rules_loaded: 0 ----------> No IDPS rules are loaded.
tcp:
---
memuse: 3031040
reassembly_memuse: 491520
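Reading "rules_loaded: 0" by eye works for one host, but a fleet check wants the same test automated. The following POSIX shell script is an added example, not part of the KB article or of NSX: it parses the text printed by nsxcli on an ESXi host and classifies the host as healthy, affected (no rules loaded), failing, or unknown. The quoting of the nsxcli argument, the constructed sample outputs and the non-zero rule count in the "updated host" sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the KB article): parse the text printed by
#   nsxcli -c "get ids engine stats"
# on an ESXi host and report whether the IDPS engine has loaded any
# signatures. Quoting of the nsxcli argument is an assumption; the sample
# outputs below are constructed for offline use and the non-zero count is
# made up.

# Print the value of a "key: value" line from engine stats text.
# $1 = stats text, $2 = key name (e.g. rules_loaded, rules_failed)
stat_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        { k = $1; sub(/:$/, "", k)
          if (k == key) { print $2; exit } }'
}

# Classify a host from its stats text:
#   ok       - rules_loaded > 0 and rules_failed = 0
#   no-rules - rules_loaded is 0 (the symptom described for 4.1.2.6/4.1.2.7)
#   failed   - the engine rejected some rules
#   unknown  - rules_loaded is absent (engine not running or unexpected output)
idps_status() {
    loaded=$(stat_value "$1" rules_loaded)
    failed=$(stat_value "$1" rules_failed)
    if [ -z "$loaded" ]; then
        echo unknown
    elif [ "$loaded" -eq 0 ]; then
        echo no-rules
    elif [ "${failed:-0}" -gt 0 ]; then
        echo failed
    else
        echo ok
    fi
}

# Run the live command on the host and classify the result (not run here).
check_live_host() {
    idps_status "$(nsxcli -c "get ids engine stats")"
}

# Constructed sample mirroring the affected-host output in the article.
SAMPLE_BAD='NSX IDS Engine Statistics
--------------------------------------------------
uptime: 2731 (0 days 00:45:31)
detect:
------
  rules_failed: 0
  rules_loaded: 0
tcp:
---
  memuse: 3031040'

# Constructed sample of a host after a bundle update (count is made up).
SAMPLE_OK='NSX IDS Engine Statistics
detect:
  rules_failed: 0
  rules_loaded: 12345'

printf 'affected host: %s\n' "$(idps_status "$SAMPLE_BAD")"
printf 'updated host:  %s\n' "$(idps_status "$SAMPLE_OK")"
```

On a real host, call check_live_host instead of the sample variables; a result of "no-rules" on a 4.1.2.6 or 4.1.2.7 host with IDPS enabled matches the symptom described in this article, while "failed" points at a different problem (rules present but rejected) that the signature-bundle workaround does not address.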
Affected versions: NSX Datacenter 4.1.2.6 and 4.1.2.7
Cause: The NSX 4.1.2.6 and 4.1.2.7 releases include a problematic default signature bundle. Although the signatures are successfully loaded onto the NSX Manager, the IDPS engine on the ESXi host is unable to load them.
Workaround: The issue is specific to the default signature bundle. Updating the signature bundle resolves the issue.
This can be done by:
1. Enabling Auto-Update for IDPS signatures.
2. Manually updating the IDPS signature bundle.
The fix will be included in a future NSX release.