The table explains system event messages for distributed firewall of major, critical, or high severity.

Event Code

Event Severity

Alarm Triggered

Event Message

Description

301001

Critical

No

Filter config update failed on host.

Host failed to receive/parse filter configuration or open device /dev/dvfiltertbl .

Action: See the key-value pair for context and failure reason, which might include VIB version mismatch between NSX Manager and prepared hosts and unexpected upgrade issues. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301002

Major

No

Filter config not applied to vnic.

Failed to apply filter configuration to vNIC.

Possible cause: Failure in opening, parsing, or updating filter configuration. This error should not occur with distributed firewall but might occur in Network Extensibility (NetX) scenarios.

Action: Collect technical support bundles for ESXi and NSX Manager, and contact VMware technical support.

301031

Critical

No

Firewall config update failed on host.

Failed to receive/parse/update firewall configuration. Key value will have context information such as generation number and other debug information.

Action: Verify that the host preparation procedure was followed. Log in to the host and collect the /var/log/vsfwd.log file and then force sync the firewall configuration with the API https://<nsx-mgr>/api/4.0/firewall/forceSync/<host-id> (See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide). If the distributed firewall configuration still fails to be updated on the host, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301032

Major

No

Failed to apply firewall rule to vnic.

Failed to apply firewall rules to vNIC.

Action: Verify that vsip kernel heaps have enough free memory (See "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support. Make sure that the host logs (vmkernel.log and vsfwd.log) includes the time period when the firewall configuration was being applied to the vNIC.

301041

Critical

No

Container configuration update failed on host.

An operation related to network and security container configuration failed. Key value will have context information such as container name and generation number.

Action: Verify that vsip kernel heaps have enough free memory (See "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support. Make sure that the host logs (vmkernel.log and vsfwd.log) includes the time period when the container configuration was being applied to the vNIC.

301051

Major

No

Flow missed on host.

Flow data for one or more sessions to and from protected virtual machines was dropped, failed to be read or failed to be sent to NSX Manager.

Action: Verify that vsip kernel heaps have enough free memory and that vsfwd memory consumption is within resource limits (See "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists , collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301061

Critical

No

Spoofguard config update failed on host.

A configuration operation related to SpoofGuard failed.

Action: Verify that the host preparation procedure was followed. Log in to the host and collect the /var/log/vsfwd.log file and then force sync the firewall configuration with the API https://<nsx-mgr>/api/4.0/firewall/forceSync/<host-id> (see "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide). If the SpoofGuard configuration still fails, collect the technical support logs for NSX Manager and host, and contact VMware technical support. Make sure logs includes the time period when the host received the SpoofGuard configuration.

301062

Major

No

Failed to apply spoofguard to vnic.

SpoofGuard failed to be applied to a vNIC.

Action: Verify that the host preparation procedure was followed. Log in to the host and collect the /var/log/vsfwd.log file and then force sync the firewall configuration with the API https://<nsx-mgr>/api/4.0/firewall/forceSync/<host-id> (see "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide). If the SpoofGuard configuration still fails, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301064

Major

No

Failed to disable spoofguard for vnic.

SpoofGuard failed to be disabled for a vNIC.

Action: Collect the technical support logs forNSX Manager and host, and contact VMware technical support.

301072

Critical

No

Failed to delete legacy App service vm.

The vShield App service VM for vCloud Networking and Security failed to be deleted.

Action: Verify that the procedure "Upgrade vShield App to Distributed Firewall" in the NSX Upgrade Guide was followed.

301080

Critical

No

Firewall CPU threshold crossed.

vsfwd CPU usage threshold value was crossed.

Action: See the "View Firewall CPU and Memory Threshold Events" section in the NSX Administration Guide. You might need to reduce host resource utilization. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301081

Critical

No

Firewall memory threshold crossed.

vsfwd memory threshold value was crossed.

Action: See the "View Firewall CPU and Memory Threshold Events" section in the NSX Administration Guide. You might need to reduce host resource utilization, including reducing the number of configured firewall rules or network and security containers. To reduce the number of firewall rules, use the appliedTo capability. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301082

Critical

No

Firewall ConnectionsPerSecond threshold crossed.

The threshold for firewall connections per second was crossed.

Action: See the "View Firewall CPU and Memory Threshold Events" section in the NSX Administration Guide. You might need to reduce host resource utilization, including reducing the number of active connections to and from VMs on the host.

301501

Critical

No

Firewall configuration update version {version#} to host {hostID} timed out. Firewall configuration on host is synced upto version {version#}.

A host took more than two minutes to process a firewall configuration update, and the update timed out.

Action: Verify that vsfwd is functioning and that rules are being published to hosts. See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301502

Critical

No

Spoofguard configuration update number {number#} to host {hostID} timed out. Spoofguard configuration on host is synced upto version {version#}.

A host took more than two minutes to process a SpoofGuard configuration update, and the update timed out.

Action: Verify that vsfwd is functioning and that rules are being published to hosts. See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301503

Critical

No

Failed to publish firewall configuration version {version#} to cluster {clusterID}. Refer logs for details.

Publishing firewall rules has failed for a cluster or one or more hosts.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301504

Critical

No

Failed to publish container updates to cluster {clusterID}. Refer logs for details.

Publishing network and security container updates failed for a cluster or one or more hosts.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301505

Critical

No

Failed to publish spoofguard updates to cluster {clusterID}. Refer logs for details.

Publishing SpoofGuard updates has failed for a cluster or one or more hosts.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301506

Critical

No

Failed to publish exclude list updates to cluster {clusterID}. Refer logs for details.

Publishing exclude list updates has failed for a cluster or one or more hosts.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301508

Critical

No

Failed to sync host {hostID}. Refer logs for details.

A firewall force sync operation via the API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> failed.

Action: See "Troubleshooting Distributed Firewall" in the NSX Troubleshooting Guide. If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301510

Critical

No

Force sync operation failed for the cluster.

A firewall force sync operation via the API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> failed.

Action: Collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301512

Major

No

Firewall is installed on host {hostID}[{hostID}].

The distributed firewall was installed successfully on a host.

Action: In vCenter Server, navigate to Home > Networking & Security > Installation and select the Host Preparation tab. Verify that Firewall Status displays as green.

301513

Major

No

Firewall is uninstalled on host {hostID}[{hostID}].

The distributed firewall was uninstalled from a host.

If the distributed firewall components fail to be uninstalled, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301514

Critical

No

Firewall is enabled on cluster {clusterID}.

The distributed firewall was installed successfully on a cluster.

Action: In vCenter Server, navigate to Home > Networking & Security > Installation and select the Host Preparation tab. Verify that Firewall Status displays as green.

301515

Critical

No

Firewall is uninstalled on cluster {clusterID}.

The distributed firewall was uninstalled from a cluster.

Action: If the distributed firewall components fail to be uninstalled, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301516

Critical

No

Firewall is disabled on cluster {clusterID}.

The distributed firewall was disabled on all hosts in a cluster.

Action: None required.

301034

Major

No

Failed to apply Firewall rules to host.

A distributed firewall rule section failed to be applied.

Action: Verify that vsip kernel heaps have enough free memory (see "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301043

Critical

No

Failed to apply container configuration to vnic.

A network or security container configuration failed to be applied.

Action: Verify that vsip kernel heaps have enough free memory (see "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host , and contact VMware technical support.

301044

Critical

No

Failed to apply container configuration to host.

A network or security container configuration failed to be applied.

Action: Verify that vsip kernel heaps have enough free memory (see "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host, and contact VMware technical support.

301066

Major

No

Failed to apply Spoofguard configuration to host.

Failed to apply all SpoofGuard to the vnics.

Action: Verify that vsip kernel heaps have enough free memory (see "View Firewall CPU and Memory Threshold Events" in the NSX Administration Guide.) If the problem persists, collect the technical support logs for NSX Manager and host , and contact VMware technical support.

301100

Critical

No

Firewall timeout configuration update failed on host.

The firewall session timer timeout configuration failed to be updated.

Action: Collect the technical support logs for NSX Manager and host, and contact VMware support. After you have collected the logs, force sync the firewall configuration with the REST API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> or by going to Installation > Host Preparation and, under Actions, select Force Sync Services.

301101

Major

No

Failed to apply firewall timeout configuration to vnic.

The firewall session timer timeout configuration failed to be updated.

Action: Collect the technical support logs for NSX Manager and host, and contact VMware technical support. After you have collected the logs, force sync the firewall configuration with the REST API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> or by going to Installation > Host Preparation and, under Actions, select Force Sync Services.

301103

Major

No

Failed to apply firewall timeout configuration to host.

The firewall session timer timeout configuration failed to be updated.

Action: Collect the technical support logs for NSX Manager and host, and contact VMware technical support. After you have collected the logs, force sync the firewall configuration with the REST API https://<nsx-mgr-ip>/api/4.0/firewall/forceSync/<host-id> or by going to Installation > Host Preparation and, under Actions, select Force Sync Services.

301200

Major

No

Application Rule Manager flow analysis started.

Application Rule Manager flow analysis started.

Action: None required.

301201

Major

No

Application Rule Manager flow analysis failed.

Application Rule Manager flow analysis failed.

Action: Collect the technical support logs for NSX Manager, and contact VMware technical support. Start a new monitoring session for the same vNICs as the failed session to attempt the operation again.

301202

Major

No

Application Rule Manager flow analysis completed.

Flow analysis for the Application Rule Manager is complete.

Action: None required.