Service Router Limit Per Edge Exceeded alarm is generated when the supported limit is not reached in NSX 4.2.1.x


Article ID: 382701


Updated On:

Products

  • VMware vDefend Firewall
  • VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

  • VMware NSX is in use with the Gateway Firewall enabled.
  • Alarms are generated for "Service Router Limit Per Edge Exceeded" even though the limit is under the maximum allowed.
  • An example of one of these alarms can be seen below:

The number of T0/T1 Service routers 4 or bridges 0 with Gateway Firewall features enabled on edge XXX-XXX-XXX has exceeded the maximum threshold of 98%. Maximum number of Service routers and bridges supported with Gateway Firewall feature enabled is 5.

  • The limit for a medium edge node is 5. The above alarm states that the combined total of service routers and bridges using the firewall service is 4. The limit has not been exceeded, yet the alarm is seen in the UI.

Environment

VMware NSX 4.2.1.x

Cause

This is a known issue in which the event ID gateway_firewall.sr_limit_per_edge_exceeded is raised as a false alert.

Resolution

This issue is fixed in NSX 4.2.2.1 and 9.x.

Workaround: Suppress or disable the alarm if it is triggered while the T0/T1 service routers and bridges with Gateway Firewall (GFW) enabled are within the specified limits.
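Before suppressing, each alarm can be checked against its own stated numbers so that a genuine limit breach is not silenced along with the false ones. The following is an added example, not VMware code: it parses the alarm description text quoted in this article and assumes the threshold is the combined service router and bridge count taken as a percentage of the stated maximum. The function name and the second sample message are constructed for illustration.

```python
import re

# Matches the alarm description text quoted in this article.
ALARM_RE = re.compile(
    r"Service routers (?P<sr>\d+) or bridges (?P<br>\d+) .*?"
    r"on edge (?P<edge>\S+) has exceeded the maximum threshold of "
    r"(?P<pct>\d+(?:\.\d+)?)%.*?enabled is (?P<max>\d+)",
    re.DOTALL,
)


def triage(message):
    """Classify one alarm description as 'false_alert', 'genuine' or 'unparsed'."""
    m = ALARM_RE.search(message)
    if m is None or int(m["max"]) == 0:
        # Unknown wording or a nonsensical maximum: leave for manual review.
        return {"verdict": "unparsed"}
    used = int(m["sr"]) + int(m["br"])
    limit = int(m["max"])
    # Assumption: utilization is the combined count as a percentage of the maximum.
    utilization = 100.0 * used / limit
    verdict = "genuine" if utilization > float(m["pct"]) else "false_alert"
    return {"edge": m["edge"], "used": used, "limit": limit,
            "utilization": utilization, "verdict": verdict}


# Alarm text as quoted in this article (edge name is redacted there).
ARTICLE_ALARM = (
    "The number of T0/T1 Service routers 4 or bridges 0 with Gateway Firewall "
    "features enabled on edge XXX-XXX-XXX has exceeded the maximum threshold of "
    "98%. Maximum number of Service routers and bridges supported with Gateway "
    "Firewall feature enabled is 5."
)
# Constructed sample: the same edge with the limit actually reached.
CONSTRUCTED_FULL = ARTICLE_ALARM.replace("routers 4", "routers 5")

if __name__ == "__main__":
    for text in (ARTICLE_ALARM, CONSTRUCTED_FULL, "unrelated alarm text"):
        print(triage(text))
```

Only alarms that come back as `false_alert` match the known issue described here; `genuine` and `unparsed` results should be reviewed rather than suppressed.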

 

Additional Information

Review the NSX 4.2.1 Gateway Firewall Configuration limits here