Host failed to receive/parse filter configuration or open device /dev/dvfiltertbl .

Action: See the key-value pair for context and failure reason, which might include VIB version mismatch between NSX Manager and prepared hosts and unexpected upgrade issues. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

Failed to apply filter configuration to vNIC.

Possible cause: Failure in opening, parsing, or updating filter configuration. This error should not occur with distributed firewall but might occur in Network Extensibility (NetX) scenarios.

Action: Collect technical support bundles for ESXi and NSX Manager, and contact VMware technical support.

Failed to receive/parse/update firewall configuration. Key value will have context information such as generation number and other debug information.

Action: Verify that the host preparation procedure was followed. Log in to the host and collect the /var/log/vsfwd.log file and then force sync the firewall configuration with the API https://<nsx-mgr>/api/4.0/firewall/forceSync/<host-id> (See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide). If the distributed firewall configuration still fails to be updated on the host, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

Failed to apply firewall rules to vNIC.

Action: Verify that vsip kernel heaps have enough free memory (See "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support. Make sure that the host logs (vmkernel.log and vsfwd.log) includes the time period when the firewall configuration was being applied to the vNIC.

Information or Major

A firewall ruleset is published successfully to the host.

Starting in NSX 6.4.0, this system event is an "information" event. However, in all NSX 6.2.x and 6.3.x releases, it is a "major" event. Therefore, when you upgrade from NSX 6.2.x or 6.3.x to NSX 6.4.0 or later, this system event continues to be classified as a "major" event.

In a fresh installation of NSX 6.4.0 or later, this event is an "information" event.

If SNMP is used, an SNMP trap is triggered.

Action: No action is required.

An operation related to network and security container configuration failed. Key value will have context information such as container name and generation number.

Action: Verify that vsip kernel heaps have enough free memory (See "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support. Make sure that the host logs (vmkernel.log and vsfwd.log) includes the time period when the container configuration was being applied to the vNIC.

Flow data for one or more sessions to and from protected virtual machines was dropped, failed to be read or failed to be sent to NSX Manager.

Action: Verify that vsip kernel heaps have enough free memory and that vsfwd memory consumption is within resource limits (See "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists , collect the technical support logs for NSX Manager and host, and contact VMware technical support.

A configuration operation related to SpoofGuard failed.

Action: Verify that the host preparation procedure was followed. Log in to the host and collect the /var/log/vsfwd.log file and then force sync the firewall configuration with the API https://<nsx-mgr>/api/4.0/firewall/forceSync/<host-id> (see "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide). If the SpoofGuard configuration still fails, collect the technical support logs for NSX Manager and host, and contact VMware technical support. Make sure logs includes the time period when the host received the SpoofGuard configuration.

SpoofGuard failed to be applied to a vNIC.

Action: Verify that the host preparation procedure was followed. Log in to the host and collect the /var/log/vsfwd.log file and then force sync the firewall configuration with the API https://<nsx-mgr>/api/4.0/firewall/forceSync/<host-id> (see "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide). If the SpoofGuard configuration still fails, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

SpoofGuard failed to be disabled for a vNIC.

Action: Collect the technical support logs forNSX Manager and host, and contact VMware technical support.

The vShield App service VM for vCloud Networking and Security failed to be deleted.

Action: Verify that the procedure "Upgrade vShield App to Distributed Firewall" in the NSX Upgrade Guide was followed.

vsfwd CPU usage threshold value was crossed.

Action: See the "View Firewall CPU and Memory Threshold Events" section in the NSX Administration Guide. You might need to reduce host resource utilization. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

vsfwd memory threshold value was crossed.

Action: See the "View Firewall CPU and Memory Threshold Events" section in the NSX Administration Guide. You might need to reduce host resource utilization, including reducing the number of configured firewall rules or network and security containers. To reduce the number of firewall rules, use the appliedTo capability. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

The threshold for firewall connections per second was crossed.

Action: See the "View Firewall CPU and Memory Threshold Events" section in the NSX Administration Guide. You might need to reduce host resource utilization, including reducing the number of active connections to and from VMs on the host.

The maximum concurrent connections threshold for the host firewall agent is exceeded for the specified vNIC.

Action: Reduce the amount of traffic on the vNIC.

The memory utilization threshold for the host firewall agent is exceeded.

Action: Reduce the number of rules or security groups/containers in the firewall configuration. If the issue persists, a memory leak may have occurred. To recover from this condition, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

CPU usage for the host firewall agent is below threshold level.

Action: Information-only event. No action is required.

The heap memory usage of the host firewall agent is below threshold level.

Action: Information-only event. No action is required.

The connections per second (CPS) value for the host firewall agent is below the threshold level for the specified vNIC.

Action: Information-only event. No action is required.

The maximum concurrent connections value for the host firewall agent is below threshold level for the specified vNIC.

Action: Information-only event. No action is required.

The memory utilization of the host firewall agent is below the threshold level.

Action: Information-only event. No action is required.

The event thresholds for distributed firewall are applied successfully.

Action: Information-only event. No action required.

The event thresholds for distributed firewall failed to be applied. Certain threshold values are unchanged. Contextual data provided with this event may indicate the cause of this failure.

Action: If the issue persists, collect the technical support logs for the NSX Manager and host, and contact VMware technical support. Ensure that the host logs cover the period when the host received the firewall configuration update. After collecting the logs, force synchronize the firewall configuration to recover.

A host took more than two minutes to process a firewall configuration update, and the update timed out.

Action: Verify that vsfwd is functioning and that rules are being published to hosts. See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

A host took more than two minutes to process a SpoofGuard configuration update, and the update timed out.

Action: Verify that vsfwd is functioning and that rules are being published to hosts. See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

Publishing firewall rules has failed for a cluster or one or more hosts.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

Publishing network and security container updates failed for a cluster or one or more hosts.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

Publishing SpoofGuard updates has failed for a cluster or one or more hosts.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

Publishing exclude list updates has failed for a cluster or one or more hosts.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

A firewall force sync operation via the API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> failed.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

A firewall force sync operation via the API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> failed.

Action: Collect the technical support logs for NSX Manager and host, and contact VMware technical support.

The distributed firewall was installed successfully on a host.

Action: In vCenter Server, navigate to Home > Networking & Security > Installation and Upgrade and select the Host Preparation tab. Verify that Firewall Status displays as green.

The distributed firewall was uninstalled from a host.

If the distributed firewall components fail to be uninstalled, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

The distributed firewall was installed successfully on a cluster.

Action: In vCenter Server, navigate to Home > Networking & Security > Installation and Upgrade and select the Host Preparation tab. Verify that Firewall Status displays as green.

The distributed firewall was uninstalled from a cluster.

Action: If the distributed firewall components fail to be uninstalled, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

The distributed firewall was disabled on all hosts in a cluster.

Action: None required.

A distributed firewall rule section failed to be applied.

Action: Verify that vsip kernel heaps have enough free memory (see "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

A network or security container configuration failed to be applied.

Action: Verify that vsip kernel heaps have enough free memory (see "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host , and contact VMware technical support.

A network or security container configuration failed to be applied.

Action: Verify that vsip kernel heaps have enough free memory (see "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

Failed to apply all SpoofGuard to the vnics.

Action: Verify that vsip kernel heaps have enough free memory (see "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host , and contact VMware technical support.

The firewall session timer timeout configuration failed to be updated.

Action: Collect the technical support logs for NSX Manager and host, and contact VMware support. After you have collected the logs, force sync the firewall configuration with the REST API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> or by going to Installation and Upgrade > Host Preparation and, under Actions, select Force Sync Services.

The firewall session timer timeout configuration failed to be updated.

Action: Collect the technical support logs for NSX Manager and host, and contact VMware technical support. After you have collected the logs, force sync the firewall configuration with the REST API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> or by going to Installation and Upgrade > Host Preparation and, under Actions, select Force Sync Services.

The firewall session timer timeout configuration failed to be updated.

Action: Collect the technical support logs for NSX Manager and host, and contact VMware technical support. After you have collected the logs, force sync the firewall configuration with the REST API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> or by going to Installation and Upgrade > Host Preparation and, under Actions, select Force Sync Services.

Application Rule Manager flow analysis started.

Action: None required.

Application Rule Manager flow analysis failed.

Action: Collect the technical support logs for NSX Manager, and contact VMware technical support. Start a new monitoring session for the same vNICs as the failed session to attempt the operation again.

Flow analysis for the Application Rule Manager is complete.

Action: None required.