Getting an alarm that indicates a security license "VMware vDefend Firewall" could not be applied to the NSX Manager. The license has failed specific validation pre-conditions and remains in a "Rejected" state.

Entity Type: Cluster Node Config

Event Type: Security License Rejected

NSX 9.1.X

• Security license vDefend Firewall have a strict dependency on the base infrastructure license. The most common cause is a missing or invalid VMware Cloud Foundation (VCF) base license.
• The system validates the presence of a VCF key before allowing the add-on security key to activate. As seen in the alarm message:

"The license VMware vDefend Firewall ending with XXXX could not be applied. Reason: VMware vDefend Firewall key can be added only if valid ('VMware Cloud Foundation') key exists.."

Example:

The license VMware Defend Firewall ending with PYOMK could not be applied. Reason: VMware Defend Firewall key can be added only if valid ("VMware Cloud Foundation") key exists.. For more details, please refer to log file /var/log/proton/nsxapi.log .

To resolve this alarm, ensure the prerequisite base license is present:

1. Navigate to the Licenses section of your management console and confirm that a valid VMware Cloud Foundation (VCF) base license is already applied and active.

2. You must apply the VCF base license before attempting to apply add-on security licenses like vDefend Firewall.

3. If a VCF license is present but the error persists, review the detailed validation logs on the NSX Manager CLI:

   • Log File Path: /var/log/proton/nsxapi.log

4. Once the VCF base license is confirmed, re-attempt the security license application.