Alarm for gateway_firewall.sr_limit_per_edge_approaching

Article ID: 369476

Products

VMware NSX Firewall, VMware vDefend Firewall

Issue/Introduction

Event ID: gateway_firewall.sr_limit_per_edge_approaching

Added in release: 4.2.1

Alarm Description:

  • Purpose: The number of Tier0/Tier1 Logical Routers or bridges with the Gateway Firewall feature enabled on an edge is approaching the maximum limit.
  • Impact: Dataplane functions may be impacted due to high scale. Configuration may take longer to be realized.

Environment

VMware NSX Data Center 4.2.1

Cause

The number of Tier-0 or Tier-1 gateways configured is approaching the Edge Form Factor maximum.

Note: For optimal performance and throughput, it is recommended to follow the guidelines below based on NSX 4.2.1 Configuration Limits.

 

| Edge Form Factor | Max number of Gateway Firewalls | Description |
|---|---|---|
| Medium | 5 | Deployed either as T0, T1 or Bridge mode on the same edge node. Note: TLS Inspection or Advanced Threat Prevention (ATP) features cannot be enabled on Gateway Firewalls deployed on a Medium Edge node. |
| Large or Extra Large | 100 | Can be a combination of either T0, T1, or Bridges. Note: Only 10 Gateway Firewalls can be deployed per Large Edge Node with Advanced Threat Prevention (ATP) features activated. |
| Baremetal | 100 | Can be a combination of either T0, T1, or Bridges. Note: Only 25 Gateway Firewalls can be deployed per Baremetal Edge Node with Advanced Threat Prevention (ATP) features activated. |

Resolution

Reduce the number of gateways configured on the edge node. Map additional gateways to a new edge in the cluster.

Disable the Gateway Firewall feature on the gateway if no firewall rules are configured.
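
The limits and resolution steps above, applied to an edge inventory as an added example (not VMware code and not an NSX API client). The record fields, the gw helper, the sample inventory and the 80% "approaching" threshold are assumptions: the page does not state the alarm threshold, and it gives no ATP figure for Extra Large, so none is enforced there.

```python
from collections import defaultdict

# form factor -> (max gateway firewalls, max with ATP activated), from the table.
# 0 = ATP not allowed on that form factor; None = no ATP figure stated on the page.
LIMITS = {"medium": (5, 0), "large": (100, 10), "xlarge": (100, None), "baremetal": (100, 25)}
APPROACH_RATIO = 0.8  # assumption: the page does not state the alarm threshold


def audit(edges, gateways, ratio=APPROACH_RATIO):
    """Return {edge_name: [findings]} for edge nodes at or near the limits."""
    per_edge = defaultdict(list)
    for g in gateways:
        if g["firewall_enabled"]:
            per_edge[g["edge"]].append(g)
    report = {}
    for edge, form_factor in edges.items():
        max_fw, max_atp = LIMITS[form_factor]
        fws = per_edge[edge]
        atp = sorted(g["name"] for g in fws if g["atp"])
        findings = []
        if len(fws) > max_fw:
            findings.append(f"over limit: {len(fws)}/{max_fw} gateway firewalls")
        elif len(fws) >= ratio * max_fw:
            findings.append(f"approaching limit: {len(fws)}/{max_fw} gateway firewalls")
        if max_atp == 0 and atp:
            findings.append("ATP not supported on this form factor: " + ", ".join(atp))
        elif max_atp and len(atp) > max_atp:
            findings.append(f"over ATP limit: {len(atp)}/{max_atp} gateway firewalls with ATP")
        # Resolution step: gateway firewalls with no rules can simply be disabled.
        idle = sorted(g["name"] for g in fws if g["rule_count"] == 0)
        if findings and idle:
            findings.append("no rules, firewall can be disabled: " + ", ".join(idle))
        if findings:
            report[edge] = findings
    return report


def gw(name, edge, rules=5, atp=False, fw=True):
    """Build one constructed inventory record (field names are hypothetical)."""
    return {"name": name, "edge": edge, "firewall_enabled": fw, "atp": atp, "rule_count": rules}

# Constructed sample inventory, not exported from a real NSX Manager.
EDGES = {"edge-01": "medium", "edge-02": "large", "edge-03": "baremetal"}
GATEWAYS = (
    [gw("t0-a", "edge-01"), gw("t1-a", "edge-01"), gw("t1-b", "edge-01", rules=0),
     gw("t1-c", "edge-01", atp=True)]
    + [gw(f"t1-atp-{i}", "edge-02", atp=True) for i in range(12)]
    + [gw(f"br-{i}", "edge-03") for i in range(3)]
)
```

Calling audit(EDGES, GATEWAYS) reports edge-01 (4 of 5 on a Medium node, one ATP gateway, one rule-less firewall) and edge-02 (12 ATP gateways on a Large node), and leaves edge-03 out.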