HCX Network Extension appliances are showing an Unknown status, which has terminated all the network tunnels. This happens because the appliances can't talk to the HCX Manager anymore.

What to look for:

• Service Mesh status is Unknown in the HCX UI.
• Network tunnels are down.

VMware NSX

VMware HCX

HCX appliances are not placed in NSX DFW exclusion list allowing conflicting DFW rules to apply on the appliance which blocks network traffic from the HCX network extension appliance to HCX manager

The fix is to put the HCX appliances on the NSX Exclusion List so the firewall leaves them alone.

1. In NSX Manager, go to Security > Distributed Firewall.
2. Click Settings and then Exclusion List.
3. Click Add Member and add all your HCX Interconnect (IX), Network Extension (NE), and manager appliances.
4. Save the list.