Packet loss observed on South/North traffic traversing NSX Edges with Active/Active Stateless T0

Article ID: 392512


Products

VMware NSX

Issue/Introduction

  • Packet loss affecting North/South or South/North sessions through NSX Edge nodes with Active/Active Stateless T0 is observed, possibly causing TCP sessions to fail.
  • There is no upload throughput to the internet, and an Edge VM reboot is required to restore connectivity.
  • Stateful rules are seen to be applied to stateless VIFs.
  • Log lines similar to the following appear in /var/log/syslog on the NSX Edge node:
    NSX 2870696 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewallcp" tname="##-###13" level="ERROR"] Stateful Rule #### configured on stateless vif ########-####-####-####-############
    datapathd 2870696 firewallcp tname="##-####" [ERROR] Stateful Rule ###13 configured on stateless vif ########-####-####-####-############
  • The default Gateway Firewall rule appears to be Stateless in the NSX UI.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
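The following is an added example, not part of the original article or VMware tooling: a small Python scanner that looks for the "Stateful Rule ... configured on stateless vif" message in a copy of the Edge syslog and groups hits by VIF and rule ID. The sample lines, host name, tname values, rule IDs and VIF UUIDs are constructed; the script assumes the rule ID contains no whitespace and the VIF is a standard UUID.

```python
import re
import sys
from collections import defaultdict

# Message text as shown in the article's excerpts; matches both line shapes.
PATTERN = re.compile(
    r"Stateful Rule (?P<rule>\S+) configured on stateless vif "
    r"(?P<vif>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"
)

# Constructed sample lines (timestamp, host, tname, rule IDs and UUIDs are made up).
SAMPLE = [
    '2025-01-01T00:00:01Z edge01 NSX 2870696 FIREWALL [nsx@6876 comp="nsx-edge" '
    'subcomp="datapathd" s2comp="firewallcp" tname="dp-fw13" level="ERROR"] '
    'Stateful Rule 1001 configured on stateless vif '
    '11111111-2222-3333-4444-555555555555',
    'datapathd 2870696 firewallcp tname="dp-fw13" [ERROR] Stateful Rule 1001 '
    'configured on stateless vif 11111111-2222-3333-4444-555555555555',
    'datapathd 2870696 firewallcp tname="dp-fw13" [ERROR] Stateful Rule 1002 '
    'configured on stateless vif AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE',
    'edge01 constructed unrelated line that must not match',
]

def summarize(lines):
    """Map each stateless VIF UUID to {rule_id: number of matching log lines}."""
    by_vif = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = PATTERN.search(line)
        if m:
            by_vif[m.group("vif").lower()][m.group("rule")] += 1
    return {vif: dict(rules) for vif, rules in by_vif.items()}

def main(argv):
    # With a path argument, scan that file (for example a copy of
    # /var/log/syslog from the Edge node); otherwise use the sample.
    if len(argv) > 1:
        with open(argv[1], errors="replace") as fh:
            result = summarize(fh)
    else:
        result = summarize(SAMPLE)
    for vif, rules in sorted(result.items()):
        for rule, count in sorted(rules.items()):
            print(f"vif={vif} rule={rule} lines={count}")
    # Exit status 1 signals that the symptom was found.
    return 1 if result else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit status makes the script usable as a simple health check: 0 means no matching lines, 1 means at least one stateful rule was reported on a stateless VIF.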

Environment

VMware NSX 4.x
VMware NSX-T Data Center 3.x

Resolution

This is a known issue impacting VMware NSX.

Workaround:

  • To remediate this issue, create a new Gateway Firewall rule configured the same as the default 'Allow all' Gateway Firewall rule, set it to Stateless and 'Allow', and place it directly above the default rule.

If you are contacting Broadcom support about this issue, please provide the following:

  • NSX Manager support bundles.
  • NSX Edge nodes support bundles.
  • Text of any error messages seen in NSX GUI or command lines pertinent to the investigation.

Handling Log Bundles for offline review with Broadcom support

Additional Information