Some NSX services, such as VMware Partner Security Virtual Appliances, do not support a direct upgrade. In these cases, you must uninstall and reinstall the services.

NSX Data Security

Ideally, it is best to uninstall NSX data security before upgrading NSX and then reinstall it after the NSX upgrade is complete. If you have already upgraded NSX without first uninstalling NSX data security, you must uninstall data security using a REST API call.

Issue the following API call:

DELETE https://<nsx-manager-ip>/api/1.0/vshield/<host-id>/vsds

The host-id is the MOID of the ESXi host. To retrieve the MOID, open the VMware VirtualCenter Operational Dashboard: https://<vcenter-ip>/vod/index.html?page=hosts.

For the ESXi host with the MOID "host-22" on vCenter Server, the API call would be formatted as follows:


Make sure to issue the API call on all of your ESXi hosts.

After data security is uninstalled, you can install the new version. See Install NSX Data Security.


Starting in NSX 6.2, the SSL VPN gateway only accepts the TLS protocol. Starting in NSX 6.2.3 TLS 1.0 is deprecated. VMware Partner Security Virtual Appliances do not support a direct upgrade. However, after upgrading to NSX 6.2.x, any new NSX 6.2.x clients that you create automatically use the TLS protocol during connection establishment.

Because of the protocol change, when an NSX 6.0.x client tries to connect to an NSX 6.2.x gateway, the connection establishment fails at the SSL handshake step.

After the upgrade to NSX 6.2.x, uninstall your old SSL VPN clients and install the NSX 6.2.x version of the SSL VPN clients. See "Install SSL Client on Remote Site " in the NSX Administration Guide.


Any L2 VPN configuration on an NSX Edge must be deleted before you can upgrade the NSX Edge to NSX 6.2.x.