Some NSX services, such as VMware Partner Security Virtual Appliances, do not support a direct upgrade. In these cases, you must uninstall and reinstall the services.

VMware Partner Security Virtual Appliances

Check the partner documentation to verify if the partner security virtual appliance can be upgraded.

NSX Data Security

You should uninstall NSX data security before upgrading NSX and then reinstall it after the NSX upgrade is complete. If you have already upgraded NSX without first uninstalling NSX data security, you must uninstall data security using a REST API call.

Issue the following API call:

DELETE https://<nsx-manager-ip>/api/1.0/vshield/<host-id>/vsds

The host-id is the MOID of the ESXi host. To retrieve the MOID, open the VMware VirtualCenter Operational Dashboard: https://<vcenter-ip>/vod/index.html?page=hosts.

For the ESXi host with the MOID "host-22" on vCenter Server, the API call would be formatted as follows:


Make sure to issue the API call on all of your ESXi hosts.

After data security is uninstalled, you can install the new version. See Install NSX Data Security.


Starting in NSX 6.2, the SSL VPN gateway only accepts the TLS protocol. However, after upgrading to NSX 6.2 or later, any new clients that you create automatically use the TLS protocol during connection establishment. Additionally, starting in NSX 6.2.3 TLS 1.0 is deprecated.

Because of the protocol change, when an NSX 6.0.x client tries to connect to an NSX 6.2 or later gateway, the connection establishment fails at the SSL handshake step.

After the upgrade from NSX 6.0.x, uninstall your old SSL VPN clients and install the NSX 6.2.x version of the SSL VPN clients. See "Install SSL Client on Remote Site" in the NSX Administration Guide.


NSX Edge upgrade is not supported if you have L2 VPN installed on an NSX Edge with versions 5.5.x or 6.0.x. Any L2 VPN configuration must be deleted before you can upgrade the NSX Edge.