4 Replies Latest reply on Jan 30, 2020 10:38 AM by Jeffery Hawks

    Cannot delete old Firewall autosave configurations.

    Jeffery Hawks Enthusiast

      Hi. I am on NSX v6.4.6. I am currently at 90 out of 100 firewall rules saved. I am unable to delete the old configurations in the NSX plugin. I believe it was firewall settings. I click on an old firewall configuration and hit delete, and it just has a "loading" dialogue for like 5 min till I abort.

       

      So my questions are:

       

      1. How do I delete them?

      2. What happens when I get to the 101st firewall change? Will it work and the old one not be saved? Or can I not do any more firewall changes?

       

      Thanks,,,

        • 1. Re: Cannot delete old Firewall autosave configurations.
          KocPawel Hot Shot

          1. From vCenter HTML5 Client go to Network and Security -> Security-> Firewall Settings

          There you can find saved configurations, mark and delete them.

          Unfortunately, I couldn't find how to remove more than one config at once; probably you can do it from the API.

          (or Export all

           

          2. NSX can save up to 100 configurations. After this limit is exceeded, saved configurations marked with Preserve Configuration are preserved, while older non-preserved configurations are deleted to make room for preserved configurations.

          • 2. Re: Cannot delete old Firewall autosave configurations.
            Jeffery Hawks Enthusiast

            The problem is that does not work. The dialogue box just hangs "loading" forever till I quit the browser. I tried multiple browsers and also the Flash client.

            • 3. Re: Cannot delete old Firewall autosave configurations.
              KocPawel Hot Shot

              Have you tried to reboot NSX Manager?

              Then I suggest logging on to NSX Manager (SSH, user: admin), then type enable and type the password. Then:

              show log manager follow

               

              Try to remove the saved configuration and check if there are any errors in the logs.

               

              You can also check the virgo log file on the vCenter server.

              • 4. Re: Cannot delete old Firewall autosave configurations.
                Jeffery Hawks Enthusiast

                Hi. Thank you for the reply. I am wondering if we are running into the jar file issue that was spoken about in this TID.

                 

                https://kb.vmware.com/s/article/76402

                 

                We upgraded from v6.3.5 to v6.4.6

                 

                We can see the firewall, but maybe this is related?

                 

                The log on the nsxmanager spews errors when I attempt.

                 

                Here is a snippet.

                 

                 

                2020-01-30 16:00:22.429 GMT-00:00  INFO http-nio-127.0.0.1-7441-exec-16 VcConnection$1:229 - - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Invoking SessionManager.logout on SessionManager, operationID=opId-bf739-140894

                2020-01-30 16:00:22.634 GMT-00:00 ERROR http-nio-127.0.0.1-7441-exec-16 FirewallConfigurationDtoConverter:470 - - [nsxv@6876 comp="nsx-manager" errorCode="MP110301" level="ERROR" subcomp="manager"] Exception while converting to model

                com.vmware.vshield.app.firewall.exceptions.InvalidValueException: null

                        at com.vmware.vshield.firewall.facade.dtoconverter.FirewallObjectInfoDtoConverter.convertToModelSource(FirewallObjectInfoDtoConverter.java:167) ~[app-1.0.jar:?]

                        at com.vmware.vshield.firewall.facade.dtoconverter.FirewallRuleDtoConverter.convertToModel(FirewallRuleDtoConverter.java:311) ~[app-1.0.jar:?]

                        at com.vmware.vshield.firewall.facade.dtoconverter.FirewallSectionDtoConverter.convertToModel(FirewallSectionDtoConverter.java:322) ~[app-1.0.jar:?]

                        at com.vmware.vshield.firewall.facade.dtoconverter.FirewallSectionDtoConverter.convertToModel(FirewallSectionDtoConverter.java:250) ~[app-1.0.jar:?]

                        at com.vmware.vshield.firewall.facade.dtoconverter.FirewallSectionDtoConverter.convertToModel(FirewallSectionDtoConverter.java:190) ~[app-1.0.jar:?]

                        at com.vmware.vshield.firewall.facade.dtoconverter.FirewallConfigurationDtoConverter.convertToModel(FirewallConfigurationDtoConverter.java:451) ~[app-1.0.jar:?]


                 

                Thanks,,,