Unable to activate firewall hardening in the VCF Operations with "Unable to change firewall rules" error

Article ID: 439330

Products

VCF Operations

Issue/Introduction

When attempting to activate firewall hardening in the VCF Operations (formerly Aria Operations) UI, the process fails.

  1. Navigate to Administration > Administrator Settings > Security Settings.
  2. Select Activate Firewall Hardening.
  3. The task fails with the error: Unable to change firewall rules.

 

Environment

VCF Operations 9.0.2

Cause

The issue is typically caused by missing OVF environment configuration properties on the virtual appliance nodes. When the OVF environment is unavailable, the application cannot retrieve the necessary metadata to apply security configuration changes.

Resolution

To verify and resolve this issue, follow the steps below:

  1. Log in to the VCF Operations Primary Node via SSH using root credentials.
  2. Run the following command to check the OVF environment:
     
    ovfenv
  3. If the output returns "Unable to find the OVF environment", the properties are missing. Perform this check on all nodes in the cluster to confirm whether the issue is global.
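
To run the check above across every node in one pass, the following script is an added example and not part of the original article. The node hostnames passed as arguments are supplied by you, and treating any other non-empty output as an available OVF environment is an assumption.

```bash
#!/usr/bin/env bash
# Added example: run `ovfenv` on each VCF Operations node and report which
# nodes are missing their OVF environment.
# Usage: ./check_ovfenv.sh <node1> <node2> ...   (hostnames are supplied by you)

# Message the article gives as the sign of missing properties.
MISSING_MSG="Unable to find the OVF environment"

# Run ovfenv on one node as root over SSH and print its output.
run_ovfenv() {
  ssh -o ConnectTimeout=10 "root@$1" ovfenv 2>&1
}

# Classify ovfenv output as: missing | ok | unknown
classify_ovfenv() {
  case "$1" in
    *"$MISSING_MSG"*) echo "missing" ;;   # vApp properties must be restored
    "")               echo "unknown" ;;   # no output at all, check by hand
    *)                echo "ok" ;;        # assumption: other output means it is present
  esac
}

# Print "<node><TAB><status>" for every node given as an argument.
check_nodes() {
  for node in "$@"; do
    rc=0
    out=$(run_ovfenv "$node") || rc=$?
    if [ "$rc" -eq 255 ]; then
      status="unreachable"                # ssh itself failed (exit status 255)
    else
      status=$(classify_ovfenv "$out")
    fi
    printf '%s\t%s\n' "$node" "$status"
  done
}

if [ "$#" -gt 0 ]; then
  check_nodes "$@"
fi
```

Every node reported as `missing` needs its vApp properties restored; a node reported as `unreachable` or `unknown` should be checked manually before drawing a conclusion.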

If the OVF environment is missing, you must restore the vApp properties at the vCenter Server level for each affected node.

  1. Power off the affected VCF Operations nodes.
  2. Follow the instructions in the following Broadcom knowledge base article to restore the missing properties: vApp properties are missing or empty in Aria Operations (336691).
  3. Once the properties are restored, power on the nodes.
  4. Retry the Activate Firewall Hardening process from the UI.