Issue: Deleted DFW firewall rules are still processed by Rule Analysis even though they no longer exist in the UI or in Corfu (the NSX Manager datastore).
Impact: Users may receive inaccurate rule analysis reports, such as anomalies or redundant rules reported for rules that no longer exist.
This can lead to false alarms or misleading security insights, particularly in scaled environments.
The issue may affect users who repeatedly create and delete rules or policies using the same name.
Environment: SSP 5.1, NSX 9.0.2
Cause: In NSX, when a rule is deleted and recreated with the same name or ID within a single transaction, NSX internally updates the existing rule configuration with the new rule_id instead of performing an actual rule deletion and recreation.
Because this operation does not generate a delete event, SSP never receives a deletion notification for the old rule_id. Consequently, the old ID is never removed from SSP and remains in a dangling state, which leads to inaccurate rule analysis reports.
As per NSX recommendations, a rule should not be deleted and recreated with the same name or ID within the same transaction (such as a single HAPI call or UI publish operation).
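The following is an added illustration, not NSX or SSP code: a simplified Python model of the event stream described above, in which a delete-and-recreate within one transaction reaches the rule-analysis consumer as an update carrying a new rule_id. The event fields, rule IDs and policy path are constructed for this model; it shows the dangling entry a delete-only consumer keeps, a consumer that handles a re-keyed update as delete plus create, and a reconciliation check against the datastore inventory.

```python
# Constructed model of NSX -> rule-analysis events (not NSX/SSP code).
# Field names, rule ids and the policy path are assumptions for this model.

def apply_events_naive(events):
    """Consumer that forgets a rule_id only on an explicit delete event."""
    rules = {}  # rule_id -> (policy path, rule name)
    for ev in events:
        if ev["op"] == "create":
            rules[ev["rule_id"]] = (ev["path"], ev["name"])
        elif ev["op"] == "delete":
            rules.pop(ev["rule_id"], None)
        elif ev["op"] == "update":
            # Delete+recreate in one transaction arrives as an update that
            # carries a new rule_id. No delete event is emitted for the old
            # id, so it stays behind as a dangling entry.
            rules[ev["rule_id"]] = (ev["path"], ev["name"])
    return rules

def apply_events_hardened(events):
    """Same consumer, but an update whose rule_id differs from the id already
    held for that policy path is handled as delete of the old id + create."""
    rules, id_by_path = {}, {}
    for ev in events:
        path = ev["path"]
        if ev["op"] == "delete":
            rules.pop(ev["rule_id"], None)
            id_by_path.pop(path, None)
            continue
        old_id = id_by_path.get(path)
        if old_id is not None and old_id != ev["rule_id"]:
            rules.pop(old_id, None)  # the re-keyed rule replaces the old id
        rules[ev["rule_id"]] = (path, ev["name"])
        id_by_path[path] = ev["rule_id"]
    return rules

def stale_rule_ids(rules, datastore_ids):
    """Reconciliation against the authoritative datastore inventory: any
    rule_id the consumer holds that the datastore does not is stale."""
    return sorted(set(rules) - set(datastore_ids))

# Constructed sample: rule "web-allow" is deleted and recreated with the same
# name in a single publish, delivered as an update with a new rule_id.
PATH = "/infra/domains/default/security-policies/app/rules/web-allow"
SAMPLE_EVENTS = [
    {"op": "create", "rule_id": 1001, "path": PATH, "name": "web-allow"},
    {"op": "update", "rule_id": 1002, "path": PATH, "name": "web-allow"},
]
DATASTORE_IDS = [1002]  # what the datastore actually holds after the publish

if __name__ == "__main__":
    naive = apply_events_naive(SAMPLE_EVENTS)
    print("naive view:", naive)                                # 1001 lingers
    print("stale ids:", stale_rule_ids(naive, DATASTORE_IDS))  # [1001]
    print("hardened view:", apply_events_hardened(SAMPLE_EVENTS))  # 1002 only
```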
Resolution: There are two possible workarounds; follow either one:
1. Delete the newly created DFW rule that shares the same policy path as the existing rule.
2. To remove such stale rules from the SSPI database, contact GSS.