VMware Cloud Community
jaj
Contributor
Contributor
‎06-30-2015 07:01 AM

Updating firewall rules in vapp times out

Hi,

We have several vApps with large firewall rule sett (700-1200 rules)  we normale update this with scripts, but some times it easier to add it manually throug the gui.  on the vApps with 700ish rules it works fine but with the largest ones the "updating network" fails with a timeout.  This always happens after 30minutes. So i guess there is a timeout limit configured somewhere in vCloud Director.

Any one have a solution to this or a suggestion for where to look?

Where using vCloud Director 5.5.3

thank you,

John

John
0 Kudos
5 Replies
Anjani_Kumar
Commander
Commander
‎06-30-2015 07:11 AM

There is an timeout configured for all the session in the general tab of the administration page of vcloud. did you checked that?

You can modify the timeout as per your requirement.

2015-06-30_19-39-45.jpg

Please consider marking this answer "correct" or "helpful" if you found it useful. Anjani Kumar | VMware vExpert 2014-2015-2016 | Infrastructure Specialist Twitter : @anjaniyadav85 Website : http://www.Vmwareminds.com
0 Kudos
jaj
Contributor
Contributor
‎07-01-2015 12:55 AM

Yes, unfortunately  the task time out has nothing to do with these settings,

John

John
0 Kudos
Sreec
VMware Employee
VMware Employee
‎07-01-2015 07:52 AM

Hi,

      Considering the number of rules i'm assuming you are using Powercli scripts or API calls? Adding to that when you say this happens after 30 minutes,does that mean when we push the rules,30 minutes from the start time of the activity it eventually times out? Does that network let you change/update any other settings? Easiest way to isolate will be to deploy a edge explicitly from vShield manager and push the same rules,that will certainly isolate the issue.

Note:As far as i know the maximum firewall rule that edge supports is 2000 so that shouldn't be a problem in this case.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
jaj
Contributor
Contributor
‎07-02-2015 12:53 AM

Hi,

Yes we are using powercli scripts. The scripts work fine, upto 1248 rules anything above that we also get simular timouts there also.

If I edit the firewall rules directly in vshield i can add more, it's just when we try to go over 1248 rules the timepouts happen.

John
0 Kudos
Sreec
VMware Employee
VMware Employee
‎07-04-2015 12:39 AM

OK,so we are still within the limits(less than 2000 FW rules).Is the issue specific to that edge? Have you even tried pushing the rules to any other edge? If the issue is isolated to this edge.Please do re-deploy the edge and give it a try.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos