The export version of Distributed Firewall must be set to 1000 on hosts before you migrate them to NSX-T Data Center. You must verify the export version and update if necessary.

Procedure

For each host, complete the following steps.
  1. Log into the command-line interface.
  2. Retrieve the Distributed Firewall filter for the host.
    [root@esxi:~] vsipioctl getfilters | grep "Filter Name" | grep "sfw.2"
       name: nic-2112467-eth0-vmware-sfw.2
       name: nic-2112467-eth1-vmware-sfw.2
       name: nic-2112467-eth2-vmware-sfw.2
    [root@esxi:~] 
  3. Use the filter information to retrieve the export version for the host.
    [root@esxi:~] vsipioctl getexportversion -f nic-2112467-eth0-vmware-sfw.2 
    Current export version: 500
    [root@esxi:~]
  4. If the version is not 1000, set the export version. Use one of the following methods.
    • Use the vsipioctl setexportversion command to set the export version.

      [root@esxi:~] vsipioctl setexportversion -f nic-2112467-eth0-vmware-sfw.2 -e 1000
    • Disable and then enable Distributed Firewall on the host.

  5. Verify that the export version is updated.
    [root@esxi:~] vsipioctl getexportversion  -f nic-2112467-eth0-vmware-sfw.2 
    Current export version: 1000