This issue occurs when hostd is not aware of the dynamic rule at the time Auto Deploy checks host compliance after applying the host profile. As a result, the compliance check fails if the host profile contains the dynamic rule set.


Actually, this issue occurred in 5.5, but I saw that it also exists in 6.0, and the solution is the same.



To work around this issue:


  1. Disable and enable SNMP on the host to restore the dynamicruleset firewall ruleset.

    • Connect to the affected host using SSH and root credentials. For more information, see Using ESXi Shell in ESXi 5.x and 6.0 (2004746).

    • Run this command to disable SNMP:

      esxcli system snmp set -e 0
    • Run this command to enable SNMP:

      esxcli system snmp set -e 1
    • Apply the Host Profile and check compliance.

  2. Manually check and apply the host profile again to refresh the firewall. This will clear the compliance error.

  3. Reset the firewall on the ESXi host using these commands:

    • esxcli network firewall set --enabled false
    • esxcli network firewall set --enabled true

Again, detach the reference host and attach it, then check compliance.
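
Step 3 switches the host firewall off and back on, so it is worth confirming that it really came back enabled and that the dynamicruleset ruleset is listed before re-checking compliance. The script below is an added example, not part of the original post or of VMware's tooling; the function names and the sample output it falls back to when esxcli is not available are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify firewall state after the workaround (ESXi shell / POSIX sh).
# SAMPLE_FW and SAMPLE_RS are constructed samples modelled on the output of
# `esxcli network firewall get` and `esxcli network firewall ruleset list`.
SAMPLE_FW='   Default Action: DROP
   Enabled: true
   Loaded: true'
SAMPLE_RS='Name            Enabled
--------------  -------
sshServer          true
snmp               true
dynamicruleset     true'

# Succeeds only if the "Enabled:" field of `firewall get` output (stdin) is true.
firewall_enabled() {
    awk -F': *' '$1 ~ /^[ \t]*Enabled$/ { v = $2 } END { exit !(v == "true") }'
}

# Prints the Enabled column for ruleset $1 from `ruleset list` output (stdin),
# or "missing" when the ruleset is not listed at all.
ruleset_state() {
    awk -v name="$1" '$1 == name { s = $2 } END { print (s == "" ? "missing" : s) }'
}

# post_check FW_TEXT RULESET_TEXT: one-line verdict, non-zero status on failure.
post_check() {
    if ! printf '%s\n' "$1" | firewall_enabled; then
        echo "FAIL: firewall is not enabled"; return 1
    fi
    state=$(printf '%s\n' "$2" | ruleset_state dynamicruleset)
    if [ "$state" = "missing" ]; then
        echo "FAIL: dynamicruleset is not listed"; return 1
    fi
    echo "OK: firewall enabled, dynamicruleset listed (enabled=$state)"
}

# On a host with esxcli use live output; elsewhere fall back to the samples.
if command -v esxcli >/dev/null 2>&1; then
    post_check "$(esxcli network firewall get)" "$(esxcli network firewall ruleset list)"
else
    post_check "$SAMPLE_FW" "$SAMPLE_RS"
fi
```

A non-zero exit status means the host should not be left as it is: re-enable the firewall or repeat step 1 before applying the host profile again.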


