2026-02-23T14:00:02.795Z <Manager Name> NSX 124518 POLICY [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] IPSecVpnLocalEndpoint /infra/tier-1s/<Tier1>/ipsec-vpn-services/<IPsec VPN Name>/local-endpoints/<Endpoint Name> Realization failed Error com.vmware.nsx.management.common.ip.utils.InvalidIPRangeFormatException: Invalid IP range format. IP range string provided <FQDN involved in Cert>
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
VMware NSX
This issue is due to a defect in the product code where the validation engine incorrectly identifies FQDNs with multiple hyphens as malformed IP ranges.
This issue is resolved in VMware NSX 4.2.4, available at Broadcom downloads.
If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.
Workaround
Use an alternative FQDN/Certificate that does not use multiple hyphens.
Add Local Endpoints - TechDocs
Subscribe to this knowledge article to get updates on this issue.