VMware NSX 4.0 | 02 AUG 2022 | Build 20159689

Check for additions and updates to these release notes.

What's New

NSX 4.0.0.1 is a major release offering new features in all the verticals of NSX: networking, security and services. Some of the major enhancements are the following:

  •  IPv6 external-facing Management Plane introduces support for IPv6 communication from external systems with the NSX management cluster (Local Manager only).
  •  Block Malicious IPs in Distributed Firewall is a new capability that allows the ability to block traffic to and from Malicious IPs.

In addition to the features, many other capabilities are added in every area on the product. More details are available below in the detailed description of added features.

Product Name Change: With the release of 4.0.0.1 the product name changes from "VMware NSX-T Data Center" to "VMware NSX." This new name better reflects the multi-faceted value that NSX brings to customers. This update is apparent in the product graphical user interface as well as documentation. This change has no impact to the functionality of the product or changes to the API that impacts compatibility with previous releases.

Layer 3 Networking

  • IPv6 external-facing Management Plane introduces support for IPv6 communication from external systems with the NSX management cluster (Local Manager only). The NSX Manager now supports dual-stack (IPv4 and IPv6) in the external management interface. IPV6-only deployments are not supported in this release.

The following external communication and systems are supported:

  • Access to NSX User Interface (UI) through IPv6
  • Access to NSX API through IPv6
  • IPv6 communication with vCenter
    • In this release vCenter services and clients using vCenter Extension Manager to communicate with NSX Manager, such as vLCM, WCP and Supervisor Cluster, will be using IPv4 to connect to NSX Manager.
  • IPv6 syslog
  • IPv6 SNMP
  • IPv6 SSH
  • IPv6 SFTP (Backup & Restore)
  • IPv6 communication with DNS server (name resolution)
  • IPv6 communication with NTP server
  • IPv6 Cluster VIP
  • IPv6 communication with LDAP/AD servers, for user authentication and IDFW
  • IPv6 interaction with Operations tools: vRNI, vRLI & vROPs
  • IPv6 support for telemetry/VAC
  • Internal T0-T1 transit subnet prefix change after Tier0 creation allows users to change the prefix used for the T0-T1 transit subnet after the Tier-0 creation. Before this feature the user was allowed to change the default value (100.64.0.0/16) only at the Tier-0 creation time.

Networking Services (NAT, DHCP, DNS)

  • NAT support for Policy-based VPN on T0/T1 Gateway allows the configuration of DNAT/NO-DNAT rule that matches traffic decapsulated from the Policy-based VPN. At the time we want to translate the Destination IP for the traffic decapsulated from the VPN we can configure DNAT/NO-DNAT and select "match" for the policy based VPN. The default behavior will be kept to bypass which means it does not match traffic decapsulated from policy-based VPN.
  • DHCP UI configuration workflow improvement offers in a simpler and easier configuration of Local DHCP server; Gateway DHCP server or DHCP Relay . It also offers better visibility and monitoring options.
  • DHCP Standby relocation improves the availability for the DHCP server, allowing the configuration of standby relocation where, in case of failure, the new standby Edge will be elected.

Edge platform

  • Edge relocate API gives the option when an Edge VM enters maintenance mode, to gracefully relocate all T1 auto allocated SRs to other Edge VMs.
  • Maintain Edge Node parameters during upgrade - post-upgrade all user-edited settings of Edge Node will be preserved and not reset to default.

Distributed Firewall

  • Block Malicious IPs in Distributed Firewall is a new capability that allows the ability to block traffic to and from Malicious IPs. This is achieved by ingesting a feed of Malicious IPs provided by Vmware Contexa. This feed is automatically updated multiple times a day so that the environment is protected with the latest malicious IPs. For existing environments the feature will need to be turned on explicitly. For new environments, the feature will be default enabled.
  • NSX Distributed Firewall has now added support for these following versions for physical servers: RHEL 8.2, 8.4, Ubuntu 20.04, CentOS 8.2, 8.4.

Federation

  • Physical servers are now supported are on Local Managers that are part of a Federation. Physical servers can now be part of groups defined on Global Manager, those groups can then be used in firewall rules (DFW or Gateway Firewall).

Service insertion

  • Service Insertion has now added additional alarms to monitor the health and liveness of the Service Insertion components.

NSX Application Platform and Associated Services 

  • NSX 4.0.0.1 is compatible with NSX Application Platform 3.2.1 version, along with the related NSX features (NSX Intelligence, NSX Network Detection and Response, NSX Malware Prevention, and NSX Metrics).
  • If you are running NSX Application Platform 3.2.0, you must upgrade to NSX Application Platform 3.2.1 (or any subsequent maintenance release) before you can upgrade to NSX 4.0.0.1.

Installation and upgrade

  • Faster Upgrades - benefit from up to a 10% reduction in NSX upgrade time overall to use the maintenance windows more effectively.
  • Monitoring - New alarms for lifecycle status of physical servers (install, uninstall, upgrade).
  • Usability Enhancements:

    Generate system notifications when newer NSX versions become available.

Operations and Monitoring

  • Live Traffic Analysis & Traceflow support for VPN - get an end-to-end view of live packets in a VPN tunnel using Traceflow or the Live Traffic Analysis Tool
  • Edge Support for Live Traffic Analysis - use the Live Traffic Analysis tool to perform packet capture on NSX Edge interfaces
  • Enhancements to events, alarms & operations - several known issues with the Live Traffic Analysis tool and Traceflow have been addressed in this release. Also, high latency alerts have been added in the the management and network infrastructure.

AAA and Platform Security

  • Improved Local User Password Configuration - NSX supports additional complexity requirements to align with newer industry regulations

API 

  • Logging of Deprecated APIs: The system will flag in the logs when an API involved is deprecated in order to simplify the transition from deprecated APIs to their replacement.

Licensing

  • License Enforcement - Enhanced feature-level enforcement on NSX Firewall license editions, restricting access to features based on license edition. New users are able to access only those features that are available in the edition that they have purchased. Existing users who have used features that are not in their license edition are restricted to only viewing the objects; create and edit will be disallowed.

Feature Deprecation

  • Support of Non-VIO OpenStack and KVM: NSX will no longer support either KVM based hypervisors or OpenStack distributions from third-party vendors. Support for VMware Integration OpenStack (VIO) remains. Please see the VMware Product Interoperability Matrix for details on which versions of NSX and VIO are compatible.
  • NSX N-VDS Host Switch support: NSX 3.0.0 and later has the capability to run on the vSphere VDS switch version 7.0 and later. This provides a tighter integration with vSphere and easier NSX adoption for customers adding NSX to their vSphere environment. Please be aware that VMware has removed support of the NSX N-VDS virtual switch on ESXi hosts starting this release, NSX 4.0.0.1. N-VDS will remain the supported virtual switch on NSX Edge nodes, native public cloud NSX agents, and bare metal workloads.

New deployments of NSX and vSphere must take advantage of this close integration and deploy using VDS switch version 7.0 and later. In addition, for existing deployments of NSX that use the N-VDS on ESXi hosts, VMware recommends moving toward the use of NSX on VDS before upgrading to this release. To make this process easy, VMware has provided both a CLI based switch migration tool, which was first made available in NSX-T 3.0.2, and a GUI based Upgrade Readiness Tool, which was first made available in NSX-T 3.1.1 (see NSX documentation for more details on these tools).

The following deployment considerations are recommended when moving from N-VDS to VDS before upgrading to this release:

  • The N-VDS and VDS APIs are different, and the backing type for VM and vmKernel interface APIs for the N-VDS and VDS switches are also different. As you move to use VDS in your environment, you will have to invoke the VDS APIs instead of N-VDS APIs. This ecosystem change will have to be made before converting the N-VDS to VDS. Refer to KB https://kb.vmware.com/s/article/79872 for more details.

    Note: There are no changes to N-VDS or VDS APIs.

  • VDS is configured through vCenter, while N-VDS was vCenter independent. With the deprecation of N-VDS, NSX will be closely tied to vCenter and vCenter will be required to enable NSX in vSphere environments.

NSX Distributed Firewall has now deprecated support for these following versions of physical servers: RHEL 7.8, 8.0, and 8.3, CentOS 7.8, 8.0, and 8.3

NSX Advanced Load Balancing Policy API and UI deprecation

  • Configuration of NSX Advanced Load Balancer(Avi), using NSX Advanced Load Balance Policy API and UI, is deprecated starting NSX 4.0.0.1 and will be removed completely in future releases. We recommend you use NSX Advanced Load Balancer (Avi) UI and API directly for the configuration of Load Balancers in NSX-T integration across all deployment models.
  • Installation of NSX Advanced Load Balancer appliance cluster and cross-launch of NSX Advanced Load Balancer UI from the NSX-T manager will continue to be supported. 
  • The users consuming NSX Advanced Load Balance Policy API and UI in the earlier releases of NSX-T 3.1.x, NSX-T 3.2.0, and NSX-T 3.2.1 upgrading to NSX 4.0.0.1 will need to clean the NSX Advanced Load Balance Policy configuration in the NSX manager(using Deactive workflow) and will retain the configuration in VMware NSX Advanced Load balancer (Avi). From there on, users can consume Load balancing functionality directly from VMware NSX Advanced Load balancer (Avi).
  • Migration of NSX-V Load Balancer for User-Defined Topology Lift-and-Shift Migration is not be supported in NSX 4.0.0.1.

API Deprecation and Behavior Changes

  • New pages on API deprecation of removal have been added to the NSX API Guide to simplify API consumption. Those will list the deprecated APIs and Types, and the removed APIs and Types.
  • The following MP APIs for service insertion have been removed. Their corresponding UI have also been removed.

Removed API Replacement
GET  /api/v1/serviceinsertion/excludelist GET  /policy/api/v1/infra/settings/service-insertion/security/exclude-list
PUT  /api/v1/serviceinsertion/excludelist PUT  /policy/api/v1/infra/settings/service-insertion/security/exclude-list
POST  /api/v1/serviceinsertion/excludelist?action=add_member PATCH  /policy/api/v1/infra/settings/service-insertion/security/exclude-list
POST  /api/v1/serviceinsertion/excludelist?action=remove_member PATCH  /policy/api/v1/infra/settings/service-insertion/security/exclude-list
GET  /api/v1/serviceinsertion/status GET /policy/api/v1/infra/settings/service-insertion/security/status
GET  /api/v1/serviceinsertion/status/<context-type> GET /policy/api/v1/infra/settings/service-insertion/security/status
PUT  /api/v1/serviceinsertion/status/<context-type> PATCH /policy/api/v1/infra/settings/service-insertion/security/status
GET  /api/v1/serviceinsertion/sections GET  /policy/api/v1/infra/domains/<domain-id>/redirection-policies
POST  /api/v1/serviceinsertion/sections PATCH   /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
POST  /api/v1/serviceinsertion/sections?action=create_with_rules PATCH   /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
GET  /api/v1/serviceinsertion/sections/<section-id> GET  /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
POST  /api/v1/serviceinsertion/sections/<section-id>?action=list_with_rules GET  /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules
DELETE  /api/v1/serviceinsertion/sections/<section-id> DELETE  /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
PUT  /api/v1/serviceinsertion/sections/<section-id> PATCH   /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
POST  /api/v1/serviceinsertion/sections/<section-id>?action=update_with_rules PATCH   /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
POST /api/v1/serviceinsertion/sections/<section-id>?action=revise PATCH   /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
POST  /api/v1/serviceinsertion/sections/<section-id>?action=revise_with_rules PATCH   /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
GET /api/v1/serviceinsertion/sections/<section-id>/rules/<rule-id> GET  /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules/<rule-id>
GET /serviceinsertion/sections/<section-id>/rules GET  /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules
POST /serviceinsertion/sections/<section-id>/rules PATCH  /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules/<rule-id>
PUT  /api/v1/serviceinsertion/sections/<section-id>/rules/<rule-id> PUT  /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules/<rule-id>
POST /api/v1/serviceinsertion/sections/<section-id>/rules?action=create_multiple PATCH  /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
POST /api/v1/serviceinsertion/sections/<section-id>/rules/<rule-id>?action=revise PATCH   /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>
DELETE /api/v1/serviceinsertion/sections/<section-id>/rules/<rule-id> DELETE  /policy/api/v1/infra/domains/<domain-id>/redirection-policies/<redirection-policy-id>/rules/<rule-id>
GET /api/v1/fabric/nodes/<node-id>/network/interfaces GET /transport-nodes/<transport-node-id>/network/interface
  • NSX Advanced Load Balancing API Deprecation:
Advanced Load Balancing Functionality Deprecated API https://{NSX-T-Policy-Manager-IP/FQDN}/<api> Recommendation Avi API

https://{Avi-controller-IP/FQDN}/<api>

ALB Auth Token PUT /policy/api/v1/infra/alb-auth-token Not Applicable
ALB Controller Version GET /policy/api/v1/infra/alb-controller-version GET /api/initial-data
ALB Analytics Profile
GET /policy/api/v1/infra/alb-analytics-profiles GET /api/analyticsprofile
DELETE /policy/api/v1/infra/alb-analytics-profiles/<alb-analyticsprofile-id> GET /api/analyticsprofile
GET /policy/api/v1/infra/alb-analytics-profiles/<alb-analyticsprofile-id> DELETE /api/analyticsprofile/{uuid}GET /api/analyticsprofile/{uuid}
PATCH /policy/api/v1/infra/alb-analytics-profiles/<alb-analyticsprofile-id> PATCH /api/analyticsprofile/{uuid}
PUT /policy/api/v1/infra/alb-analytics-profiles/<alb-analyticsprofile-id> PUT /api/analyticsprofile/{uuid}
ALB Application Persistence Profiles
GET /policy/api/v1/infra/alb-application-persistence-profiles GET /api/applicationpersistenceprofile
DELETE /policy/api/v1/infra/alb-application-persistence-profiles/<alb-applicationpersistenceprofile-id> DELETE /api/applicationpersistenceprofile/{uuid}
GET /policy/api/v1/infra/alb-application-persistence-profiles/<alb-applicationpersistenceprofile-id> GET /api/applicationpersistenceprofile/{uuid}
PATCH /policy/api/v1/infra/alb-application-persistence-profiles/<alb-applicationpersistenceprofile-id> PATCH /api/applicationpersistenceprofile/{uuid}
PUT /policy/api/v1/infra/alb-application-persistence-profiles/<alb-applicationpersistenceprofile-id> PUT /api/applicationpersistenceprofile/{uuid}
ALB Application Profiles
GET /policy/api/v1/infra/alb-application-profiles GET /api/applicationprofile
DELETE /policy/api/v1/infra/alb-application-profiles/<alb-applicationprofile-id> DELETE /api/applicationprofile/{uuid}
GET /policy/api/v1/infra/alb-application-profiles/<alb-applicationprofile-id> GET /api/applicationprofile/{uuid}
PATCH /policy/api/v1/infra/alb-application-profiles/<alb-applicationprofile-id> PATCH /api/applicationprofile/{uuid}
PUT /policy/api/v1/infra/alb-application-profiles/<alb-applicationprofile-id> PUT /api/applicationprofile/{uuid}
ALB Auth Profiles
GET /policy/api/v1/infra/alb-auth-profiles GET /api/authprofile
DELETE /policy/api/v1/infra/alb-auth-profiles/<alb-authprofile-id> DELETE /api/authprofile/{uuid}
GET /policy/api/v1/infra/alb-auth-profiles/<alb-authprofile-id> GET /api/authprofile/{uuid}
PATCH /policy/api/v1/infra/alb-auth-profiles/<alb-authprofile-id> PATCH /api/authprofile/{uuid}
PUT /policy/api/v1/infra/alb-auth-profiles/<alb-authprofile-id> PUT /api/authprofile/{uuid}
ALB Auto Scale Launch Configs
GET /policy/api/v1/infra/alb-auto-scale-launch-configs GET /api/autoscalelaunchconfig
DELETE /policy/api/v1/infra/alb-auto-scale-launch-configs/<alb-autoscalelaunchconfig-id> DELETE /api/autoscalelaunchconfig/{uuid}
GET /policy/api/v1/infra/alb-auto-scale-launch-configs/<alb-autoscalelaunchconfig-id> GET /api/autoscalelaunchconfig/{uuid}
PATCH /policy/api/v1/infra/alb-auto-scale-launch-configs/<alb-autoscalelaunchconfig-id> PATCH /api/autoscalelaunchconfig/{uuid}
PUT /policy/api/v1/infra/alb-auto-scale-launch-configs/<alb-autoscalelaunchconfig-id> PUT /api/autoscalelaunchconfig/{uuid}
ALB DNS Policies
GET /policy/api/v1/infra/alb-dns-policies GET /api/dnspolicy
DELETE /policy/api/v1/infra/alb-dns-policies/<alb-dnspolicy-id> DELETE /api/dnspolicy/{uuid}
GET /policy/api/v1/infra/alb-dns-policies/<alb-dnspolicy-id> GET /api/dnspolicy/{uuid}
PATCH /policy/api/v1/infra/alb-dns-policies/<alb-dnspolicy-id> PATCH /api/dnspolicy/{uuid}
PUT /policy/api/v1/infra/alb-dns-policies/<alb-dnspolicy-id> PUT /api/dnspolicy/{uuid}
ALB Error Page Bodies
GET /policy/api/v1/infra/alb-error-page-bodies GET /api/errorpagebody
DELETE /policy/api/v1/infra/alb-error-page-bodies/<alb-errorpagebody-id> DELETE /api/errorpagebody/{uuid}
GET /policy/api/v1/infra/alb-error-page-bodies/<alb-errorpagebody-id> GET /api/errorpagebody/{uuid}
PATCH /policy/api/v1/infra/alb-error-page-bodies/<alb-errorpagebody-id> PATCH /api/errorpagebody/{uuid}
PUT /policy/api/v1/infra/alb-error-page-bodies/<alb-errorpagebody-id> PUT /api/errorpagebody/{uuid}
ALB Error Page Profiles
GET /policy/api/v1/infra/alb-error-page-profiles GET /api/errorpageprofile
DELETE /policy/api/v1/infra/alb-error-page-profiles/<alb-errorpageprofile-id> DELETE /api/errorpageprofile/{uuid}
GET /policy/api/v1/infra/alb-error-page-profiles/<alb-errorpageprofile-id> GET /api/errorpageprofile/{uuid}
PATCH /policy/api/v1/infra/alb-error-page-profiles/<alb-errorpageprofile-id> PATCH /api/errorpageprofile/{uuid}
PUT /policy/api/v1/infra/alb-error-page-profiles/<alb-errorpageprofile-id> PUT /api/errorpageprofile/{uuid}
ALB HTTP Policy Sets
GET /policy/api/v1/infra/alb-http-policy-sets GET /api/httppolicyset
DELETE /policy/api/v1/infra/alb-http-policy-sets/<alb-httppolicyset-id> DELETE /api/httppolicyset/{uuid}
GET /policy/api/v1/infra/alb-http-policy-sets/<alb-httppolicyset-id> GET /api/httppolicyset/{uuid}
PATCH /policy/api/v1/infra/alb-http-policy-sets/<alb-httppolicyset-id> PATCH /api/httppolicyset/{uuid}
PUT /policy/api/v1/infra/alb-http-policy-sets/<alb-httppolicyset-id> PUT /api/httppolicyset/{uuid}
ALB Hardware Security Module Groups
GET /policy/api/v1/infra/alb-hardware-security-module-group GET /api/hardwaresecuritymodulegroup
DELETE /policy/api/v1/infra/alb-hardware-security-module-groups/<alb-hardwaresecuritymodulegroup-id> DELETE /api/hardwaresecuritymodulegroup/{uuid}
GET /policy/api/v1/infra/alb-hardware-security-module-groups/<alb-hardwaresecuritymodulegroup-id> GET /api/hardwaresecuritymodulegroup/{uuid}
PATCH /policy/api/v1/infra/alb-hardware-security-module-groups/<alb-hardwaresecuritymodulegroup-id> PATCH /api/hardwaresecuritymodulegroup/{uuid}
PUT /policy/api/v1/infra/alb-hardware-security-module-groups/<alb-hardwaresecuritymodulegroup-id> PUT /api/hardwaresecuritymodulegroup/{uuid}
ALB Health Monitors
GET /policy/api/v1/infra/alb-health-monitors GET /api/healthmonitor
DELETE /policy/api/v1/infra/alb-health-monitors/<alb-healthmonitor-id> DELETE /api/healthmonitor/{uuid}
GET /policy/api/v1/infra/alb-health-monitors/<alb-healthmonitor-id> GET /api/healthmonitor/{uuid}
PATCH /policy/api/v1/infra/alb-health-monitors/<alb-healthmonitor-id> PATCH /api/healthmonitor/{uuid}
PUT /policy/api/v1/infra/alb-health-monitors/<alb-healthmonitor-id> PUT /api/healthmonitor/{uuid}
ALB IP Addr Groups
GET /policy/api/v1/infra/alb-ip-addr-groups GET /api/ipaddrgroup
DELETE /policy/api/v1/infra/alb-ip-addr-groups/<alb-ipaddrgroup-id> DELETE /api/ipaddrgroup/{uuid}
GET /policy/api/v1/infra/alb-ip-addr-groups/<alb-ipaddrgroup-id> GET /api/ipaddrgroup/{uuid}
PATCH /policy/api/v1/infra/alb-ip-addr-groups/<alb-ipaddrgroup-id> PATCH /api/ipaddrgroup/{uuid}
PUT /policy/api/v1/infra/alb-ip-addr-groups/<alb-ipaddrgroup-id> PUT /api/ipaddrgroup/{uuid}
ALB L4 Policy Sets
GET /policy/api/v1/infra/alb-l4-policy-sets GET /api/l4policyset
DELETE /policy/api/v1/infra/alb-l4-policy-sets/<alb-l4policyset-id> DELETE /api/l4policyset/{uuid}
GET /policy/api/v1/infra/alb-l4-policy-sets/<alb-l4policyset-id> GET /api/l4policyset/{uuid}
PATCH /policy/api/v1/infra/alb-l4-policy-sets/<alb-l4policyset-id> PATCH /api/l4policyset/{uuid}
PUT /policy/api/v1/infra/alb-l4-policy-sets/<alb-l4policyset-id> PUT /api/l4policyset/{uuid}
ALB Network Profiles
GET /policy/api/v1/infra/alb-network-profiles GET /api/networkprofile
DELETE /policy/api/v1/infra/alb-network-profiles/<alb-networkprofile-id> DELETE /api/networkprofile/{uuid}
GET /policy/api/v1/infra/alb-network-profiles/<alb-networkprofile-id> GET /api/networkprofile/{uuid}
PATCH /policy/api/v1/infra/alb-network-profiles/<alb-networkprofile-id> PATCH /api/networkprofile/{uuid}
PUT /policy/api/v1/infra/alb-network-profiles/<alb-networkprofile-id> PUT /api/networkprofile/{uuid}
ALB Network Security Policies
GET /policy/api/v1/infra/alb-network-security-policies GET /api/networksecuritypolicy
DELETE /policy/api/v1/infra/alb-network-security-policies/<alb-networksecuritypolicy-id> DELETE /api/networksecuritypolicy/{uuid}
GET /policy/api/v1/infra/alb-network-security-policies/<alb-networksecuritypolicy-id> GET /api/networksecuritypolicy/{uuid}
PATCH /policy/api/v1/infra/alb-network-security-policies/<alb-networksecuritypolicy-id> PATCH /api/networksecuritypolicy/{uuid}
PUT /policy/api/v1/infra/alb-network-security-policies/<alb-networksecuritypolicy-id> PUT /api/networksecuritypolicy/{uuid}
ALB Onboarding Workflow PUT /policy/api/v1/infra/alb-onboarding-workflowDELETE /policy/api/v1/infra/alb-onboarding-workflow/<managed-by> Not Applicable.
ALB PKI Profiles
GET /policy/api/v1/infra/alb-pki-profiles GET /api/pkiprofile
DELETE /policy/api/v1/infra/alb-pki-profiles/<alb-pkiprofile-id> DELETE /api/pkiprofile/{uuid}
GET /policy/api/v1/infra/alb-pki-profiles/<alb-pkiprofile-id> GET /api/pkiprofile/{uuid}
PATCH /policy/api/v1/infra/alb-pki-profiles/<alb-pkiprofile-id> PATCH /api/pkiprofile/{uuid}
PUT /policy/api/v1/infra/alb-pki-profiles/<alb-pkiprofile-id> PUT /api/pkiprofile/{uuid}
ALB Pool Group Deployment Policies
GET /policy/api/v1/infra/alb-pool-group-deployment-policies GET /api/poolgroupdeploymentpolicy
DELETE /policy/api/v1/infra/alb-pool-group-deployment-policies/<alb-poolgroupdeploymentpolicy-id> DELETE /api/poolgroupdeploymentpolicy/{uuid}
GET /policy/api/v1/infra/alb-pool-group-deployment-policies/<alb-poolgroupdeploymentpolicy-id> GET /api/poolgroupdeploymentpolicy/{uuid}
PATCH /policy/api/v1/infra/alb-pool-group-deployment-policies/<alb-poolgroupdeploymentpolicy-id> PATCH /api/poolgroupdeploymentpolicy/{uuid}
PUT /policy/api/v1/infra/alb-pool-group-deployment-policies/<alb-poolgroupdeploymentpolicy-id> PUT /api/poolgroupdeploymentpolicy/{uuid}
ALB Pool Groups
GET /policy/api/v1/infra/alb-pool-groups GET /api/poolgroup
DELETE /policy/api/v1/infra/alb-pool-groups/<alb-poolgroup-id> DELETE /api/poolgroup/{uuid}
GET /policy/api/v1/infra/alb-pool-groups/<alb-poolgroup-id> GET /api/poolgroup/{uuid}
PATCH /policy/api/v1/infra/alb-pool-groups/<alb-poolgroup-id> PATCH /api/poolgroup/{uuid}
PUT /policy/api/v1/infra/alb-pool-groups/<alb-poolgroup-id> PUT /api/poolgroup/{uuid}
ALB Pools
GET /policy/api/v1/infra/alb-pools GET /api/pool
DELETE /policy/api/v1/infra/alb-pools/<alb-pool-id> DELETE /api/pool/{uuid}
GET /policy/api/v1/infra/alb-pools/<alb-pool-id> GET /api/pool/{uuid}
PATCH /policy/api/v1/infra/alb-pools/<alb-pool-id> PATCH /api/pool/{uuid}
PUT /policy/api/v1/infra/alb-pools/<alb-pool-id> /PUT /api/pool/{uuid}
ALB Priority Labels
GET /policy/api/v1/infra/alb-priority-labels GET /api/prioritylabels
DELETE /policy/api/v1/infra/alb-priority-labels/<alb-prioritylabels-id> DELETE /api/prioritylabels/{uuid}
GET /policy/api/v1/infra/alb-priority-labels/<alb-prioritylabels-id> GET /api/prioritylabels/{uuid}
PATCH /policy/api/v1/infra/alb-priority-labels/<alb-prioritylabels-id> PATCH /api/prioritylabels/{uuid}
PUT /policy/api/v1/infra/alb-priority-labels/<alb-prioritylabels-id> PUT /api/prioritylabels/{uuid}
ALB Protocol Parsers
GET /policy/api/v1/infra/alb-protocol-parsers GET /api/protocolparser
DELETE /policy/api/v1/infra/alb-protocol-parsers/<alb-protocolparser-id> DELETE /api/protocolparser/{uuid}
GET /policy/api/v1/infra/alb-protocol-parsers/<alb-protocolparser-id> GET /api/protocolparser/{uuid}
PATCH /policy/api/v1/infra/alb-protocol-parsers/<alb-protocolparser-id> PATCH /api/protocolparser/{uuid}
PUT /policy/api/v1/infra/alb-protocol-parsers/<alb-protocolparser-id> PUT /api/protocolparser/{uuid}
ALB Security Policies
GET /policy/api/v1/infra/alb-security-policies GET /api/securitypolicy
DELETE /policy/api/v1/infra/alb-security-policies/<alb-securitypolicy-id> DELETE /api/securitypolicy/{uuid}
GET /policy/api/v1/infra/alb-security-policies/<alb-securitypolicy-id> GET /api/securitypolicy/{uuid}
PATCH /policy/api/v1/infra/alb-security-policies/<alb-securitypolicy-id> PATCH /api/securitypolicy/{uuid}
PUT /policy/api/v1/infra/alb-security-policies/<alb-securitypolicy-id> PUT /api/securitypolicy/{uuid}
ALB Server Auto Scale Policies
GET /policy/api/v1/infra/alb-server-auto-scale-policies GET /api/serverautoscalepolicy
DELETE /policy/api/v1/infra/alb-server-auto-scale-policies/<alb-serverautoscalepolicy-id> DELETE /api/serverautoscalepolicy/{uuid}
GET /policy/api/v1/infra/alb-server-auto-scale-policies/<alb-serverautoscalepolicy-id> GET /api/serverautoscalepolicy/{uuid}
PATCH /policy/api/v1/infra/alb-server-auto-scale-policies/<alb-serverautoscalepolicy-id> PATCH /api/serverautoscalepolicy/{uuid}
PUT /policy/api/v1/infra/alb-server-auto-scale-policies/<alb-serverautoscalepolicy-id>+ PUT /api/serverautoscalepolicy/{uuid}
ALB SSL Key And Certificates
GET /policy/api/v1/infra/alb-ssl-key-and-certificates GET /api/sslkeyandcertificate
DELETE /policy/api/v1/infra/alb-ssl-key-and-certificates/<alb-sslkeyandcertificate-id> DELETE /api/sslkeyandcertificate/{uuid}
GET /policy/api/v1/infra/alb-ssl-key-and-certificates/<alb-sslkeyandcertificate-id> GET /api/sslkeyandcertificate/{uuid}
PATCH /policy/api/v1/infra/alb-ssl-key-and-certificates/<alb-sslkeyandcertificate-id> PATCH /api/sslkeyandcertificate/{uuid}
PUT /policy/api/v1/infra/alb-ssl-key-and-certificates/<alb-sslkeyandcertificate-id> PUT /api/sslkeyandcertificate/{uuid}
ALB SSL Profiles
GET /policy/api/v1/infra/alb-ssl-profilesDELETE /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> GET /api/sslprofile
DELETE /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> DELETE /api/sslprofile/{uuid}
GET /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> GET /api/sslprofile/{uuid}
PATCH /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> PATCH /api/sslprofile/{uuid}
PUT /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> PUT /api/sslprofile/{uuid}
ALB SSO Policies
GET /policy/api/v1/infra/alb-sso-policies GET /api/ssopolicy
DELETE /policy/api/v1/infra/alb-sso-policies/<alb-ssopolicy-id> DELETE /api/ssopolicy/{uuid}
GET /policy/api/v1/infra/alb-sso-policies/<alb-ssopolicy-id> GET /api/ssopolicy/{uuid}
PATCH /policy/api/v1/infra/alb-sso-policies/<alb-ssopolicy-id> PATCH /api/ssopolicy/{uuid}
PUT /policy/api/v1/infra/alb-sso-policies/<alb-ssopolicy-id> PUT /api/ssopolicy/{uuid}
ALB String Groups
GET /policy/api/v1/infra/alb-string-groups GET /api/stringgroup
DELETE /policy/api/v1/infra/alb-string-groups/<alb-stringgroup-id> DELETE /api/stringgroup/{uuid}
GET /policy/api/v1/infra/alb-string-groups/<alb-stringgroup-id> GET /api/stringgroup/{uuid}
PATCH /policy/api/v1/infra/alb-string-groups/<alb-stringgroup-id> PATCH /api/stringgroup/{uuid}
PUT /policy/api/v1/infra/alb-string-groups/<alb-stringgroup-id> PUT /api/stringgroup/{uuid}
ALB Traffic Clone Profiles
GET /policy/api/v1/infra/alb-traffic-clone-profiles GET /api/trafficcloneprofile
DELETE /policy/api/v1/infra/alb-traffic-clone-profiles/<alb-trafficcloneprofile-id> DELETE /api/trafficcloneprofile/{uuid}
GET /policy/api/v1/infra/alb-traffic-clone-profiles/<alb-trafficcloneprofile-id> GET /api/trafficcloneprofile/{uuid}
PATCH /policy/api/v1/infra/alb-traffic-clone-profiles/<alb-trafficcloneprofile-id> PATCH /api/trafficcloneprofile/{uuid}
PUT /policy/api/v1/infra/alb-traffic-clone-profiles/<alb-trafficcloneprofile-id> PUT /api/trafficcloneprofile/{uuid}
ALB Virtual Services
GET /policy/api/v1/infra/alb-virtual-services GET /api/virtualservice
DELETE /policy/api/v1/infra/alb-virtual-services/<alb-virtualservice-id> DELETE /api/virtualservice/{uuid}
GET /policy/api/v1/infra/alb-virtual-services/<alb-virtualservice-id> GET /api/virtualservice/{uuid}
PATCH /policy/api/v1/infra/alb-virtual-services/<alb-virtualservice-id> PATCH /api/virtualservice/{uuid}
PUT /policy/api/v1/infra/alb-virtual-services/<alb-virtualservice-id> PUT /api/virtualservice/{uuid}
ALB VS Data Script Sets
GET /policy/api/v1/infra/alb-vs-data-script-sets GET /api/vsdatascriptset
DELETE /policy/api/v1/infra/alb-vs-data-script-sets/<alb-vsdatascriptset-id> DELETE /api/vsdatascriptset/{uuid}
GET /policy/api/v1/infra/alb-vs-data-script-sets/<alb-vsdatascriptset-id> GET /api/vsdatascriptset/{uuid}
PATCH /policy/api/v1/infra/alb-vs-data-script-sets/<alb-vsdatascriptset-id> PATCH /api/vsdatascriptset/{uuid}
PUT /policy/api/v1/infra/alb-vs-data-script-sets/<alb-vsdatascriptset-id> PUT /api/vsdatascriptset/{uuid}
ALB VS Vips
GET /policy/api/v1/infra/alb-vs-vips GET /api/vsvip
DELETE /policy/api/v1/infra/alb-vs-vips/<alb-vsvip-id> DELETE /api/vsvip/{uuid}
GET /policy/api/v1/infra/alb-vs-vips/<alb-vsvip-id> GET /api/vsvip/{uuid}
PATCH /policy/api/v1/infra/alb-vs-vips/<alb-vsvip-id> PATCH /api/vsvip/{uuid}
PUT /policy/api/v1/infra/alb-vs-vips/<alb-vsvip-id> PUT /api/vsvip/{uuid}
ALB WAF CRS
GET /policy/api/v1/infra/alb-waf-crs GET /api/wafcrs
DELETE /policy/api/v1/infra/alb-waf-crs/<alb-wafcrs-id> DELETE /api/wafcrs/{uuid}
GET /policy/api/v1/infra/alb-waf-crs/<alb-wafcrs-id> GET /api/wafcrs/{uuid}
PATCH /policy/api/v1/infra/alb-waf-crs/<alb-wafcrs-id> PATCH /api/wafcrs/{uuid}
PUT /policy/api/v1/infra/alb-waf-crs/<alb-wafcrs-id> PUT /api/wafcrs/{uuid}
ALB WAF Policies
GET /policy/api/v1/infra/alb-waf-policies GET /api/wafpolicy
DELETE /policy/api/v1/infra/alb-waf-policies/<alb-wafpolicy-id> DELETE //apiwafpolicy/{uuid}
GET /policy/api/v1/infra/alb-waf-policies/<alb-wafpolicy-id> GET /api/wafpolicy/{uuid}
PATCH /policy/api/v1/infra/alb-waf-policies/<alb-wafpolicy-id> PATCH /api/wafpolicy/{uuid}
PUT /policy/api/v1/infra/alb-waf-policies/<alb-wafpolicy-id> PUT /api/wafpolicy/{uuid}
ALB WAF Policy PSM Groups
GET /policy/api/v1/infra/alb-waf-policy-psm-groups GET /api/wafpolicypsmgroup
DELETE /policy/api/v1/infra/alb-waf-policy-psm-groups/<alb-wafpolicypsmgroup-id> DELETE /api/wafpolicypsmgroup/{uuid}
GET /policy/api/v1/infra/alb-waf-policy-psm-groups/<alb-wafpolicypsmgroup-id> GET /api/wafpolicypsmgroup/{uuid}
PATCH /policy/api/v1/infra/alb-waf-policy-psm-groups/<alb-wafpolicypsmgroup-id> PATCH /api/wafpolicypsmgroup/{uuid}
PUT /policy/api/v1/infra/alb-waf-policy-psm-groups/<alb-wafpolicypsmgroup-id> PUT /api/wafpolicypsmgroup/{uuid}
ALB WAF Profiles
GET /policy/api/v1/infra/alb-waf-profiles GET /api/wafprofile
DELETE /policy/api/v1/infra/alb-waf-profiles/<alb-wafprofile-id> DELETE /api/wafprofile/{uuid}
GET /policy/api/v1/infra/alb-waf-profiles/<alb-wafprofile-id> GET /api/wafprofile/{uuid}
PATCH /policy/api/v1/infra/alb-waf-profiles/<alb-wafprofile-id> PATCH /vwafprofile/{uuid}
PUT /policy/api/v1/infra/alb-waf-profiles/<alb-wafprofile-id> PUT /wafprofile/{uuid}
Advanced Load Balancing Functionality Deprecated API https://{NSX-T-Policy-Manager-IP/FQDN}/<api> Recommendation Avi API

https://{Avi-controller-IP/FQDN}/<api>

ALB Auth Token PUT /policy/api/v1/infra/alb-auth-token Not Applicable
ALB Controller Version GET /policy/api/v1/infra/alb-controller-version GET /api/initial-data
ALB Analytics Profile
GET /policy/api/v1/infra/alb-analytics-profiles GET /api/analyticsprofile
DELETE /policy/api/v1/infra/alb-analytics-profiles/<alb-analyticsprofile-id> GET /api/analyticsprofile
GET /policy/api/v1/infra/alb-analytics-profiles/<alb-analyticsprofile-id> DELETE /api/analyticsprofile/{uuid}GET /api/analyticsprofile/{uuid}
PATCH /policy/api/v1/infra/alb-analytics-profiles/<alb-analyticsprofile-id> PATCH /api/analyticsprofile/{uuid}
PUT /policy/api/v1/infra/alb-analytics-profiles/<alb-analyticsprofile-id> PUT /api/analyticsprofile/{uuid}
ALB Application Persistence Profiles
GET /policy/api/v1/infra/alb-application-persistence-profiles GET /api/applicationpersistenceprofile
DELETE /policy/api/v1/infra/alb-application-persistence-profiles/<alb-applicationpersistenceprofile-id> DELETE /api/applicationpersistenceprofile/{uuid}
GET /policy/api/v1/infra/alb-application-persistence-profiles/<alb-applicationpersistenceprofile-id> GET /api/applicationpersistenceprofile/{uuid}
PATCH /policy/api/v1/infra/alb-application-persistence-profiles/<alb-applicationpersistenceprofile-id> PATCH /api/applicationpersistenceprofile/{uuid}
PUT /policy/api/v1/infra/alb-application-persistence-profiles/<alb-applicationpersistenceprofile-id> PUT /api/applicationpersistenceprofile/{uuid}
ALB Application Profiles
GET /policy/api/v1/infra/alb-application-profiles GET /api/applicationprofile
DELETE /policy/api/v1/infra/alb-application-profiles/<alb-applicationprofile-id> DELETE /api/applicationprofile/{uuid}
GET /policy/api/v1/infra/alb-application-profiles/<alb-applicationprofile-id> GET /api/applicationprofile/{uuid}
PATCH /policy/api/v1/infra/alb-application-profiles/<alb-applicationprofile-id> PATCH /api/applicationprofile/{uuid}
PUT /policy/api/v1/infra/alb-application-profiles/<alb-applicationprofile-id> PUT /api/applicationprofile/{uuid}
ALB Auth Profiles
GET /policy/api/v1/infra/alb-auth-profiles GET /api/authprofile
DELETE /policy/api/v1/infra/alb-auth-profiles/<alb-authprofile-id> DELETE /api/authprofile/{uuid}
GET /policy/api/v1/infra/alb-auth-profiles/<alb-authprofile-id> GET /api/authprofile/{uuid}
PATCH /policy/api/v1/infra/alb-auth-profiles/<alb-authprofile-id> PATCH /api/authprofile/{uuid}
PUT /policy/api/v1/infra/alb-auth-profiles/<alb-authprofile-id> PUT /api/authprofile/{uuid}
ALB Auto Scale Launch Configs
GET /policy/api/v1/infra/alb-auto-scale-launch-configs GET /api/autoscalelaunchconfig
DELETE /policy/api/v1/infra/alb-auto-scale-launch-configs/<alb-autoscalelaunchconfig-id> DELETE /api/autoscalelaunchconfig/{uuid}
GET /policy/api/v1/infra/alb-auto-scale-launch-configs/<alb-autoscalelaunchconfig-id> GET /api/autoscalelaunchconfig/{uuid}
PATCH /policy/api/v1/infra/alb-auto-scale-launch-configs/<alb-autoscalelaunchconfig-id> PATCH /api/autoscalelaunchconfig/{uuid}
PUT /policy/api/v1/infra/alb-auto-scale-launch-configs/<alb-autoscalelaunchconfig-id> PUT /api/autoscalelaunchconfig/{uuid}
ALB DNS Policies
GET /policy/api/v1/infra/alb-dns-policies GET /api/dnspolicy
DELETE /policy/api/v1/infra/alb-dns-policies/<alb-dnspolicy-id> DELETE /api/dnspolicy/{uuid}
GET /policy/api/v1/infra/alb-dns-policies/<alb-dnspolicy-id> GET /api/dnspolicy/{uuid}
PATCH /policy/api/v1/infra/alb-dns-policies/<alb-dnspolicy-id> PATCH /api/dnspolicy/{uuid}
PUT /policy/api/v1/infra/alb-dns-policies/<alb-dnspolicy-id> PUT /api/dnspolicy/{uuid}
ALB Error Page Bodies
GET /policy/api/v1/infra/alb-error-page-bodies GET /api/errorpagebody
DELETE /policy/api/v1/infra/alb-error-page-bodies/<alb-errorpagebody-id> DELETE /api/errorpagebody/{uuid}
GET /policy/api/v1/infra/alb-error-page-bodies/<alb-errorpagebody-id> GET /api/errorpagebody/{uuid}
PATCH /policy/api/v1/infra/alb-error-page-bodies/<alb-errorpagebody-id> PATCH /api/errorpagebody/{uuid}
PUT /policy/api/v1/infra/alb-error-page-bodies/<alb-errorpagebody-id> PUT /api/errorpagebody/{uuid}
ALB Error Page Profiles
GET /policy/api/v1/infra/alb-error-page-profiles GET /api/errorpageprofile
DELETE /policy/api/v1/infra/alb-error-page-profiles/<alb-errorpageprofile-id> DELETE /api/errorpageprofile/{uuid}
GET /policy/api/v1/infra/alb-error-page-profiles/<alb-errorpageprofile-id> GET /api/errorpageprofile/{uuid}
PATCH /policy/api/v1/infra/alb-error-page-profiles/<alb-errorpageprofile-id> PATCH /api/errorpageprofile/{uuid}
PUT /policy/api/v1/infra/alb-error-page-profiles/<alb-errorpageprofile-id> PUT /api/errorpageprofile/{uuid}
ALB HTTP Policy Sets
GET /policy/api/v1/infra/alb-http-policy-sets GET /api/httppolicyset
DELETE /policy/api/v1/infra/alb-http-policy-sets/<alb-httppolicyset-id> DELETE /api/httppolicyset/{uuid}
GET /policy/api/v1/infra/alb-http-policy-sets/<alb-httppolicyset-id> GET /api/httppolicyset/{uuid}
PATCH /policy/api/v1/infra/alb-http-policy-sets/<alb-httppolicyset-id> PATCH /api/httppolicyset/{uuid}
PUT /policy/api/v1/infra/alb-http-policy-sets/<alb-httppolicyset-id> PUT /api/httppolicyset/{uuid}
ALB Hardware Security Module Groups
GET /policy/api/v1/infra/alb-hardware-security-module-group GET /api/hardwaresecuritymodulegroup
DELETE /policy/api/v1/infra/alb-hardware-security-module-groups/<alb-hardwaresecuritymodulegroup-id> DELETE /api/hardwaresecuritymodulegroup/{uuid}
GET /policy/api/v1/infra/alb-hardware-security-module-groups/<alb-hardwaresecuritymodulegroup-id> GET /api/hardwaresecuritymodulegroup/{uuid}
PATCH /policy/api/v1/infra/alb-hardware-security-module-groups/<alb-hardwaresecuritymodulegroup-id> PATCH /api/hardwaresecuritymodulegroup/{uuid}
PUT /policy/api/v1/infra/alb-hardware-security-module-groups/<alb-hardwaresecuritymodulegroup-id> PUT /api/hardwaresecuritymodulegroup/{uuid}
ALB Health Monitors
GET /policy/api/v1/infra/alb-health-monitors GET /api/healthmonitor
DELETE /policy/api/v1/infra/alb-health-monitors/<alb-healthmonitor-id> DELETE /api/healthmonitor/{uuid}
GET /policy/api/v1/infra/alb-health-monitors/<alb-healthmonitor-id> GET /api/healthmonitor/{uuid}
PATCH /policy/api/v1/infra/alb-health-monitors/<alb-healthmonitor-id> PATCH /api/healthmonitor/{uuid}
PUT /policy/api/v1/infra/alb-health-monitors/<alb-healthmonitor-id> PUT /api/healthmonitor/{uuid}
ALB IP Addr Groups
GET /policy/api/v1/infra/alb-ip-addr-groups GET /api/ipaddrgroup
DELETE /policy/api/v1/infra/alb-ip-addr-groups/<alb-ipaddrgroup-id> DELETE /api/ipaddrgroup/{uuid}
GET /policy/api/v1/infra/alb-ip-addr-groups/<alb-ipaddrgroup-id> GET /api/ipaddrgroup/{uuid}
PATCH /policy/api/v1/infra/alb-ip-addr-groups/<alb-ipaddrgroup-id> PATCH /api/ipaddrgroup/{uuid}
PUT /policy/api/v1/infra/alb-ip-addr-groups/<alb-ipaddrgroup-id> PUT /api/ipaddrgroup/{uuid}
ALB L4 Policy Sets
GET /policy/api/v1/infra/alb-l4-policy-sets GET /api/l4policyset
DELETE /policy/api/v1/infra/alb-l4-policy-sets/<alb-l4policyset-id> DELETE /api/l4policyset/{uuid}
GET /policy/api/v1/infra/alb-l4-policy-sets/<alb-l4policyset-id> GET /api/l4policyset/{uuid}
PATCH /policy/api/v1/infra/alb-l4-policy-sets/<alb-l4policyset-id> PATCH /api/l4policyset/{uuid}
PUT /policy/api/v1/infra/alb-l4-policy-sets/<alb-l4policyset-id> PUT /api/l4policyset/{uuid}
ALB Network Profiles
GET /policy/api/v1/infra/alb-network-profiles GET /api/networkprofile
DELETE /policy/api/v1/infra/alb-network-profiles/<alb-networkprofile-id> DELETE /api/networkprofile/{uuid}
GET /policy/api/v1/infra/alb-network-profiles/<alb-networkprofile-id> GET /api/networkprofile/{uuid}
PATCH /policy/api/v1/infra/alb-network-profiles/<alb-networkprofile-id> PATCH /api/networkprofile/{uuid}
PUT /policy/api/v1/infra/alb-network-profiles/<alb-networkprofile-id> PUT /api/networkprofile/{uuid}
ALB Network Security Policies
GET /policy/api/v1/infra/alb-network-security-policies GET /api/networksecuritypolicy
DELETE /policy/api/v1/infra/alb-network-security-policies/<alb-networksecuritypolicy-id> DELETE /api/networksecuritypolicy/{uuid}
GET /policy/api/v1/infra/alb-network-security-policies/<alb-networksecuritypolicy-id> GET /api/networksecuritypolicy/{uuid}
PATCH /policy/api/v1/infra/alb-network-security-policies/<alb-networksecuritypolicy-id> PATCH /api/networksecuritypolicy/{uuid}
PUT /policy/api/v1/infra/alb-network-security-policies/<alb-networksecuritypolicy-id> PUT /api/networksecuritypolicy/{uuid}
ALB Onboarding Workflow PUT /policy/api/v1/infra/alb-onboarding-workflowDELETE /policy/api/v1/infra/alb-onboarding-workflow/<managed-by> Not Applicable.
ALB PKI Profiles
GET /policy/api/v1/infra/alb-pki-profiles GET /api/pkiprofile
DELETE /policy/api/v1/infra/alb-pki-profiles/<alb-pkiprofile-id> DELETE /api/pkiprofile/{uuid}
GET /policy/api/v1/infra/alb-pki-profiles/<alb-pkiprofile-id> GET /api/pkiprofile/{uuid}
PATCH /policy/api/v1/infra/alb-pki-profiles/<alb-pkiprofile-id> PATCH /api/pkiprofile/{uuid}
PUT /policy/api/v1/infra/alb-pki-profiles/<alb-pkiprofile-id> PUT /api/pkiprofile/{uuid}
ALB Pool Group Deployment Policies
GET /policy/api/v1/infra/alb-pool-group-deployment-policies GET /api/poolgroupdeploymentpolicy
DELETE /policy/api/v1/infra/alb-pool-group-deployment-policies/<alb-poolgroupdeploymentpolicy-id> DELETE /api/poolgroupdeploymentpolicy/{uuid}
GET /policy/api/v1/infra/alb-pool-group-deployment-policies/<alb-poolgroupdeploymentpolicy-id> GET /api/poolgroupdeploymentpolicy/{uuid}
PATCH /policy/api/v1/infra/alb-pool-group-deployment-policies/<alb-poolgroupdeploymentpolicy-id> PATCH /api/poolgroupdeploymentpolicy/{uuid}
PUT /policy/api/v1/infra/alb-pool-group-deployment-policies/<alb-poolgroupdeploymentpolicy-id> PUT /api/poolgroupdeploymentpolicy/{uuid}
ALB Pool Groups
GET /policy/api/v1/infra/alb-pool-groups GET /api/poolgroup
DELETE /policy/api/v1/infra/alb-pool-groups/<alb-poolgroup-id> DELETE /api/poolgroup/{uuid}
GET /policy/api/v1/infra/alb-pool-groups/<alb-poolgroup-id> GET /api/poolgroup/{uuid}
PATCH /policy/api/v1/infra/alb-pool-groups/<alb-poolgroup-id> PATCH /api/poolgroup/{uuid}
PUT /policy/api/v1/infra/alb-pool-groups/<alb-poolgroup-id> PUT /api/poolgroup/{uuid}
ALB Pools
GET /policy/api/v1/infra/alb-pools GET /api/pool
DELETE /policy/api/v1/infra/alb-pools/<alb-pool-id> DELETE /api/pool/{uuid}
GET /policy/api/v1/infra/alb-pools/<alb-pool-id> GET /api/pool/{uuid}
PATCH /policy/api/v1/infra/alb-pools/<alb-pool-id> PATCH /api/pool/{uuid}
PUT /policy/api/v1/infra/alb-pools/<alb-pool-id> /PUT /api/pool/{uuid}
ALB Priority Labels
GET /policy/api/v1/infra/alb-priority-labels GET /api/prioritylabels
DELETE /policy/api/v1/infra/alb-priority-labels/<alb-prioritylabels-id> DELETE /api/prioritylabels/{uuid}
GET /policy/api/v1/infra/alb-priority-labels/<alb-prioritylabels-id> GET /api/prioritylabels/{uuid}
PATCH /policy/api/v1/infra/alb-priority-labels/<alb-prioritylabels-id> PATCH /api/prioritylabels/{uuid}
PUT /policy/api/v1/infra/alb-priority-labels/<alb-prioritylabels-id> PUT /api/prioritylabels/{uuid}
ALB Protocol Parsers
GET /policy/api/v1/infra/alb-protocol-parsers GET /api/protocolparser
DELETE /policy/api/v1/infra/alb-protocol-parsers/<alb-protocolparser-id> DELETE /api/protocolparser/{uuid}
GET /policy/api/v1/infra/alb-protocol-parsers/<alb-protocolparser-id> GET /api/protocolparser/{uuid}
PATCH /policy/api/v1/infra/alb-protocol-parsers/<alb-protocolparser-id> PATCH /api/protocolparser/{uuid}
PUT /policy/api/v1/infra/alb-protocol-parsers/<alb-protocolparser-id> PUT /api/protocolparser/{uuid}
ALB Security Policies
GET /policy/api/v1/infra/alb-security-policies GET /api/securitypolicy
DELETE /policy/api/v1/infra/alb-security-policies/<alb-securitypolicy-id> DELETE /api/securitypolicy/{uuid}
GET /policy/api/v1/infra/alb-security-policies/<alb-securitypolicy-id> GET /api/securitypolicy/{uuid}
PATCH /policy/api/v1/infra/alb-security-policies/<alb-securitypolicy-id> PATCH /api/securitypolicy/{uuid}
PUT /policy/api/v1/infra/alb-security-policies/<alb-securitypolicy-id> PUT /api/securitypolicy/{uuid}
ALB Server Auto Scale Policies
GET /policy/api/v1/infra/alb-server-auto-scale-policies GET /api/serverautoscalepolicy
DELETE /policy/api/v1/infra/alb-server-auto-scale-policies/<alb-serverautoscalepolicy-id> DELETE /api/serverautoscalepolicy/{uuid}
GET /policy/api/v1/infra/alb-server-auto-scale-policies/<alb-serverautoscalepolicy-id> GET /api/serverautoscalepolicy/{uuid}
PATCH /policy/api/v1/infra/alb-server-auto-scale-policies/<alb-serverautoscalepolicy-id> PATCH /api/serverautoscalepolicy/{uuid}
PUT /policy/api/v1/infra/alb-server-auto-scale-policies/<alb-serverautoscalepolicy-id>+ PUT /api/serverautoscalepolicy/{uuid}
ALB SSL Key And Certificates
GET /policy/api/v1/infra/alb-ssl-key-and-certificates GET /api/sslkeyandcertificate
DELETE /policy/api/v1/infra/alb-ssl-key-and-certificates/<alb-sslkeyandcertificate-id> DELETE /api/sslkeyandcertificate/{uuid}
GET /policy/api/v1/infra/alb-ssl-key-and-certificates/<alb-sslkeyandcertificate-id> GET /api/sslkeyandcertificate/{uuid}
PATCH /policy/api/v1/infra/alb-ssl-key-and-certificates/<alb-sslkeyandcertificate-id> PATCH /api/sslkeyandcertificate/{uuid}
PUT /policy/api/v1/infra/alb-ssl-key-and-certificates/<alb-sslkeyandcertificate-id> PUT /api/sslkeyandcertificate/{uuid}
ALB SSL Profiles
GET /policy/api/v1/infra/alb-ssl-profilesDELETE /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> GET /api/sslprofile
DELETE /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> DELETE /api/sslprofile/{uuid}
GET /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> GET /api/sslprofile/{uuid}
PATCH /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> PATCH /api/sslprofile/{uuid}
PUT /policy/api/v1/infra/alb-ssl-profiles/<alb-sslprofile-id> PUT /api/sslprofile/{uuid}
ALB SSO Policies
GET /policy/api/v1/infra/alb-sso-policies GET /api/ssopolicy
DELETE /policy/api/v1/infra/alb-sso-policies/<alb-ssopolicy-id> DELETE /api/ssopolicy/{uuid}
GET /policy/api/v1/infra/alb-sso-policies/<alb-ssopolicy-id> GET /api/ssopolicy/{uuid}
PATCH /policy/api/v1/infra/alb-sso-policies/<alb-ssopolicy-id> PATCH /api/ssopolicy/{uuid}
PUT /policy/api/v1/infra/alb-sso-policies/<alb-ssopolicy-id> PUT /api/ssopolicy/{uuid}
ALB String Groups
GET /policy/api/v1/infra/alb-string-groups GET /api/stringgroup
DELETE /policy/api/v1/infra/alb-string-groups/<alb-stringgroup-id> DELETE /api/stringgroup/{uuid}
GET /policy/api/v1/infra/alb-string-groups/<alb-stringgroup-id> GET /api/stringgroup/{uuid}
PATCH /policy/api/v1/infra/alb-string-groups/<alb-stringgroup-id> PATCH /api/stringgroup/{uuid}
PUT /policy/api/v1/infra/alb-string-groups/<alb-stringgroup-id> PUT /api/stringgroup/{uuid}
ALB Traffic Clone Profiles
GET /policy/api/v1/infra/alb-traffic-clone-profiles GET /api/trafficcloneprofile
DELETE /policy/api/v1/infra/alb-traffic-clone-profiles/<alb-trafficcloneprofile-id> DELETE /api/trafficcloneprofile/{uuid}
GET /policy/api/v1/infra/alb-traffic-clone-profiles/<alb-trafficcloneprofile-id> GET /api/trafficcloneprofile/{uuid}
PATCH /policy/api/v1/infra/alb-traffic-clone-profiles/<alb-trafficcloneprofile-id> PATCH /api/trafficcloneprofile/{uuid}
PUT /policy/api/v1/infra/alb-traffic-clone-profiles/<alb-trafficcloneprofile-id> PUT /api/trafficcloneprofile/{uuid}
ALB Virtual Services
GET /policy/api/v1/infra/alb-virtual-services GET /api/virtualservice
DELETE /policy/api/v1/infra/alb-virtual-services/<alb-virtualservice-id> DELETE /api/virtualservice/{uuid}
GET /policy/api/v1/infra/alb-virtual-services/<alb-virtualservice-id> GET /api/virtualservice/{uuid}
PATCH /policy/api/v1/infra/alb-virtual-services/<alb-virtualservice-id> PATCH /api/virtualservice/{uuid}
PUT /policy/api/v1/infra/alb-virtual-services/<alb-virtualservice-id> PUT /api/virtualservice/{uuid}
ALB VS Data Script Sets
GET /policy/api/v1/infra/alb-vs-data-script-sets GET /api/vsdatascriptset
DELETE /policy/api/v1/infra/alb-vs-data-script-sets/<alb-vsdatascriptset-id> DELETE /api/vsdatascriptset/{uuid}
GET /policy/api/v1/infra/alb-vs-data-script-sets/<alb-vsdatascriptset-id> GET /api/vsdatascriptset/{uuid}
PATCH /policy/api/v1/infra/alb-vs-data-script-sets/<alb-vsdatascriptset-id> PATCH /api/vsdatascriptset/{uuid}
PUT /policy/api/v1/infra/alb-vs-data-script-sets/<alb-vsdatascriptset-id> PUT /api/vsdatascriptset/{uuid}
ALB VS Vips
GET /policy/api/v1/infra/alb-vs-vips GET /api/vsvip
DELETE /policy/api/v1/infra/alb-vs-vips/<alb-vsvip-id> DELETE /api/vsvip/{uuid}
GET /policy/api/v1/infra/alb-vs-vips/<alb-vsvip-id> GET /api/vsvip/{uuid}
PATCH /policy/api/v1/infra/alb-vs-vips/<alb-vsvip-id> PATCH /api/vsvip/{uuid}
PUT /policy/api/v1/infra/alb-vs-vips/<alb-vsvip-id> PUT /api/vsvip/{uuid}
ALB WAF CRS
GET /policy/api/v1/infra/alb-waf-crs GET /api/wafcrs
DELETE /policy/api/v1/infra/alb-waf-crs/<alb-wafcrs-id> DELETE /api/wafcrs/{uuid}
GET /policy/api/v1/infra/alb-waf-crs/<alb-wafcrs-id> GET /api/wafcrs/{uuid}
PATCH /policy/api/v1/infra/alb-waf-crs/<alb-wafcrs-id> PATCH /api/wafcrs/{uuid}
PUT /policy/api/v1/infra/alb-waf-crs/<alb-wafcrs-id> PUT /api/wafcrs/{uuid}
ALB WAF Policies
GET /policy/api/v1/infra/alb-waf-policies GET /api/wafpolicy
DELETE /policy/api/v1/infra/alb-waf-policies/<alb-wafpolicy-id> DELETE //apiwafpolicy/{uuid}
GET /policy/api/v1/infra/alb-waf-policies/<alb-wafpolicy-id> GET /api/wafpolicy/{uuid}
PATCH /policy/api/v1/infra/alb-waf-policies/<alb-wafpolicy-id> PATCH /api/wafpolicy/{uuid}
PUT /policy/api/v1/infra/alb-waf-policies/<alb-wafpolicy-id> PUT /api/wafpolicy/{uuid}
ALB WAF Policy PSM Groups
GET /policy/api/v1/infra/alb-waf-policy-psm-groups GET /api/wafpolicypsmgroup
DELETE /policy/api/v1/infra/alb-waf-policy-psm-groups/<alb-wafpolicypsmgroup-id> DELETE /api/wafpolicypsmgroup/{uuid}
GET /policy/api/v1/infra/alb-waf-policy-psm-groups/<alb-wafpolicypsmgroup-id> GET /api/wafpolicypsmgroup/{uuid}
PATCH /policy/api/v1/infra/alb-waf-policy-psm-groups/<alb-wafpolicypsmgroup-id> PATCH /api/wafpolicypsmgroup/{uuid}
PUT /policy/api/v1/infra/alb-waf-policy-psm-groups/<alb-wafpolicypsmgroup-id> PUT /api/wafpolicypsmgroup/{uuid}
ALB WAF Profiles
GET /policy/api/v1/infra/alb-waf-profiles GET /api/wafprofile
DELETE /policy/api/v1/infra/alb-waf-profiles/<alb-wafprofile-id> DELETE /api/wafprofile/{uuid}
GET /policy/api/v1/infra/alb-waf-profiles/<alb-wafprofile-id> GET /api/wafprofile/{uuid}
PATCH /policy/api/v1/infra/alb-waf-profiles/<alb-wafprofile-id> PATCH /vwafprofile/{uuid}
PUT /policy/api/v1/infra/alb-waf-profiles/<alb-wafprofile-id> PUT /wafprofile/{uuid}
ALB Webhooks
GET /policy/api/v1/infra/alb-webhooks GET /api/webhook
DELETE /policy/api/v1/infra/alb-webhooks/<alb-webhook-id> DELETE /api/webhook/{uuid}
GET /policy/api/v1/infra/alb-webhooks/<alb-webhook-id> GET /api/webhook/{uuid}
PATCH /policy/api/v1/infra/alb-webhooks/<alb-webhook-id> PATCH /api/webhook/{uuid}
PUT /policy/api/v1/infra/alb-webhooks/<alb-webhook-id> PUT /api/webhook/{uuid}
ALB Webhooks
GET /policy/api/v1/infra/alb-webhooks GET /api/webhook
DELETE /policy/api/v1/infra/alb-webhooks/<alb-webhook-id> DELETE /api/webhook/{uuid}
GET /policy/api/v1/infra/alb-webhooks/<alb-webhook-id> GET /api/webhook/{uuid}
PATCH /policy/api/v1/infra/alb-webhooks/<alb-webhook-id> PATCH /api/webhook/{uuid}
PUT /policy/api/v1/infra/alb-webhooks/<alb-webhook-id> PUT /api/webhook/{uuid}

Compatibility and System Requirements

For compatibility and system requirements information, see the VMware Product Interoperability Matrices and the NSX Installation Guide.

Upgrade Notes for This Release

For instructions about upgrading NSXcomponents, see the NSX Upgrade Guide.

Customers upgrading to this release are recommended to run the NSX Upgrade Evaluation Tool before starting the upgrade process. The tool is designed to ensure success by checking the health and readiness of your NSX Managers prior to upgrading.

API and CLI Resources

See developer.vmware.com to use the NSX Data Center APIs or CLIs for automation.

The API documentation is available from the API Reference tab. The CLI documentation is available from the Documentation tab.

Available Languages

NSX has been localized into multiple languages: English, French, German, Italian, Japanese, Korean, Simplified Chinese, Traditional Chinese, and Spanish. Because NSX localization utilizes the browser language settings, ensure that your settings match the desired language.

Document Revision History

Revision Date Edition Changes
02 August 2022 1 Initial edition
05 August 2022 2 Updated What's New - Federation
11 August 2022 3 Updated What's New - Feature Deprecation, Added Italian as an available language
17 August 2022 4 Updated Feature Deprecation

Resolved Issues

  • Fixed Issue 2852146: When both the access token and the refresh token are expired at the same time when using vIDM, the first request will fail with a 403 error even with correct credentials.

    After the refresh token expires, attempting to create a new session will first be met with a 403 error. Subsequent attempts will succeed.

  • Fixed Issue 2914689: When there is an exception during host unprep, host remains in an uninstalling state.

    The host remains in uninstalling state on the UI. DB record updating also does not happen.

  • Fixed Issue 2920857: TCP MSS of SYN packets leaving T0 uplinks is not being correctly calculated from interface MTU.

    PMTU is forwarded to the Linux properly but mss is not changed due to the asymmetric forwarding path on the Linux side. The ICMP error message (mtu too big) is not forwarded to the Linux kernel.

  • Fixed Issue 2932398: If a trunk segment has a large VLAN range and is attached to a VRF access port, the trunk logical router port on T0 fails to get realized die to VLAN conflict.

    If a trunk segment has a large VLAN ranges and is attached to a VRF’s access port, the trunk logical router port on T0 is failed to be realized due to VLAN conflict. T0 is then stuck in failed status. Later the deletion of VRF still fails to delete the realization entity of the trunk logical router port due to a timing issue. This causes that T0 stuck in failed status.

  • Fixed Issue 2937981: NSX reinstallation on ESXi stops at 96%.

    The transport node realization progress on the UI shows 96%. The deployment_progress_state through the transport node state API reflects this as well.

  • Fixed Issue 2946589: ESXi hosts reported "UNKNOWN" state in NSX and VMs lost networking.

    1. ESXi Host reported "UNKNOWN" status in NSX UI (NSX controller status showed not available)

    2. VMs lost networking after migrating to this host

    3. VMs ports could be in a blocked state

  • Fixed Issue: 2957417: MP UI is not showing the correct route-map with AS-PATH prepend format of because of Model to Dto conversion.

    MP UI is not showing the correct route-map with AS-PATH prepend format. It is not showing to AS PLAIN or DOTTED format.

  • Fixed Issue 2966210: Message of the day in CLI is not accepting special characters.

    Customer was trying to set the motd (message of the day) with a special character. It was showing the below error.API [ PUT https://<nsx-mgr>/api/v1/node ] ("error_code": 36102, "error_message": "Error setting message of the day.", "module_name": "node-services”).

  • Fixed Issue 2880193: DHCP relay failing to provide IPv6 addresses from DHCPv6 server.

  • Fixed Issue 2921515: Random traffic interruption due to dvfilter channel lockup.

    The dvfilter communication channel between kernel and userspace gets stuck after running traffic for some time. The result is that packets cannot be sent out afterwards.

  • Fixed Issue 2928071: Force delete on the host does not work once the host and manager connection is down.

    The host remains in the manager DB and the user is unable to remove it.

  • Fixed Issue: 2932465: Password printed in log.

    auth_password and priv_password printed in log.

  • Fixed Issue 2937814: NSX API call fails to return overlay_id (VNI).

    There is an "Unable to find layer 2 id for segment" error. Unable to extend the L2 network.

  • Fixed Issue 2946392: The hanging nslookup command blocked FQDN lookup metrics collector in SHA.

    FQDN lookup metrics collector in SHA executed nslookup command to collect info. It was blocked to wait for the hanging command. The former FQDN lookup alarm hadn't been removed till the hanging commands terminated.

  • Fixed Issue 2949077: Certificate pre-check is failing during upgrade.

    During pre-check a list of certificates are marked invalid and need to be replaced

  • Fixed Issue 2950628: NSX manager loses connectivity with ESXi host after host upgrade.

    After multi-hop upgrade of ESXi host from 6.7 u3 --> 7.0 u3c--> 7.0 u3d,the host is not responding and connectivity with NSX manager is lost. If we try to create vmk port then we get following error: "unable to add vmkernel network interface: Error was: unable to get node: not implemented"

  • Fixed Issue 2951440: MP MTU value set by the user was overwritten by PolicyDefault MTU value of 1500 on upgrade and restart of the policy manager.

    Post Upgrade Service Uplink MTU settings are not getting applied to the CGW segments.

  • Fixed Issue 2954926: PSOD after vMotion of VMs in an environment with sink port (primarily HCX environment) connected to vSphere DVPG and MAC learning enabled ports in the same DVS (either from NSX or vSphere).

  • Fixed Issue 2957476: Out of order packets incoming to nsx-idps are silently dropped.

    Out of order packets incoming to nsx-idps are silently dropped, resulting in drop count per profile incrementing.

  • Fixed Issue 2958252: VDS IPFIX does not function with NSX installed.

    Collector does not receive correctly sampled flows by VDS IPFIX.

  • Fixed Issue 2958765: Handle non-existing cluster gracefully.

    When policy API enables or disables IDFW on a non-existing cluster, a null pointer error will occur. This needs to be handled gracefully.

  • Fixed Issue 2958808: PSOD was observed in the process of changing IPFIX configuration.

    The host will not be responsive after PSOD.

  • Fixed Issue 2961029: NSX Manager upgrade retry operation shrinks corfu database and keep it in same state even after successful upgrade.

    Corfu database is in shrink state even after successful upgrade.

  • Fixed Issue 2966254: The edge dp coredump is seen when both control prior and service core are enabled.

  • Fixed issue 2971114: Loss of connection to Edge due to datapath refcount issue.

    Loss of connection to the Edge, and the following logs seen in syslog: "PAX: refcount overflow detected" "PAX: refcount error occurred at: scsi_sanitize_inquiry_string+0xc4/0x106 [smartpqi]".

  • Fixed Issue 2982579: Realization of DFW Rule containing Pure AD Policy Groups fails after upgrade to 3.2.1 , if the DFW Rule is updated after upgrade.

    Realization failure of DFW Rule containing Pure AD Groups.

  • Fixed Issue 2974706: Controller failed to join cluster due to failure in re-sync with replication service upon service restart.

    Controller failed to join cluster due to failure in re-sync with replication service upon service restart.

  • Fixed Issue 2990847: Cross-site route sync for stretched Tier0 gateway didn't resume when interfaces were re-created after deleting all the interfaces on the edge nodes of one site.

    When Tier0 is stretched to more than one, it establishes sessions over internal routing backplane between Tier0 service router. These remote IBGP session remains in connect state.

  • Fixed Issue 2930824: vRA edges from old setup were probably not cleaned properly. Those edges were causing connectivity issue because they were not getting populated in vra_input.json.

    vRA makes a connection from VCenter and not from NSX-V. So these stale edges had connections made from VCenter. Those were not getting identified during migration

  • Fixed Issue 3006369: MPS feature activation fails because of missing license information in platform-licenses configmap.

    1) Common agent updates the configmap "platform-licenses" on platform install. This contains license information and is a pre-requisite for reputation service to function correctly.

    2) In some instances, common agent fails to update the correct license information and hence, the CrashLoopBackOff errors in reputation-service.

  • Fixed Issue 2964713: Rules with more than 15 ports are allowed to publish only to fail in later stages.

    Customer may not know that the rule fails to publish / realize out of this reason.

  • Fixed issue 2964752: Page leak in shared memory setup by dvfilter library for vDPI.

    1. When packets needs to be dropped from vDPI, due to internal queue being full or TxRing is full, it drops them via IOCTL provided by dvfilter library 2. At high rate, IOCTL can fail and lead to page(associated with packets) leak.

    3. As number of page leaks increase, temporary or permanent traffic loss will be observed If all pages are leaked, then packets cannot be sent from vmkernel to VDPI and leads to traffic loss.

  • Fixed Issue 2994665: Unable to delete T0 Gateway and its interfaces.

    Customer was using troubleshooting API to delete interfaces. This failed because of an incorrect request parameter.

  • Fixed Issue 2969847: Incorrect DSCP priority.

    DSCP priority from a custom QoS profile is not propagated to host when the value is 0, resulting in traffic prioritization issues.

  • Fixed Issue 2879979: IKE service may not initiate new IPsec route based session after "dead peer detection" has happened due to IPsec peer being unreachable.

    There could be outage for specific IPsec route based session.

  • Fixed Issue 2879734: Configuration fails when same self signed certificate is used in two different IPsec local endpoints.

    "Configuration failed" error is seen for the second IPsec session using the same self signed certificate

  • Fixed Issue 2816781: Physical servers cannot be configured with a load-balancing based teaming policy as they support a single VTEP.

    TransportNode installation will go in a failure state. You won't be able to configure physical servers with a load-balancing based teaming policy.

  • Fixed Issue 2879119: When a virtual router is added, the corresponding kernel network interface does not come up.

    Routing on the vrf fails. No connectivity is established for VMs connected through the vrf.

  • Fixed Issue 2874995: LCores priority may remain high even when not used, rendering them unusable by some VMs.

    Performance degradation for "Normal Latency" VMs.

  • Fixed Issue 2854139: Continuous addition/removal of BGP routes into RIB for a topology where Tier0 SR on edge has multiple BGP neighbors and these BGP neighbors are sending ECMP prefixes to the Tier0 SR.

    Traffic drop for the prefixes that are getting continuously added/deleted.

  • Fixed Issue 2839782: Unable to upgrade from NSX-T 2.4.1 to 2.5.1 because CRL entity is large, and Corfu imposes a size limit in 2.4.1, thereby preventing the CRL entity from being created in the Corfu during upgrade.

    Unable to upgrade.

  • Fixed Issue 2561988: All IKE/IPSEC sessions are temporarily disrupted.

    Traffic outage will be seen for some time.

  • Fixed Issue 2945515: NSX tools upgrade in Azure can fail on Redhat Linux VMs.

    By default, NSX tools are installed on /opt directory. However, during NSX tools installation default path can be overridden with "--chroot-path" option passed to the install script.

    Insufficient disk space on the partition where NSX tools is installed can cause NSX tools upgrade to fail.

Known Issues

  • Issue 2663483: The single-node NSX Manager will disconnect from the rest of the NSX Federation environment if you replace the APH-AR certificate on that NSX Manager.

    This issue is seen only with NSX Federation and with the single node NSX Manager Cluster. The single-node NSX Manager will disconnect from the rest of the NSX Federation environment if you replace the APH-AR certificate on that NSX Manager.

    Workaround: Single-node NSX Manager cluster deployment is not a supported deployment option, so have three-node NSX Manager cluster.

  • Issue 3005685: When configuring an Open ID Connect connection as an NSX LM authentication provider, customers may encounter errors.

    OpenID Connect configuration produces errors on configuration.

    Workaround: None.

  • Issue 2879133: Malware Prevention feature can take up to 15 minutes to start working.

    When the Malware Prevention feature is configured for the first time, it can take up to 15 minutes for the feature to be initialized. During this initialization, no malware analysis will be done, but there is no indication that the initialization is occurring.

    Workaround: Wait 15 minutes.

  • Issue 2868944: UI feedback is not shown when migrating more than 1,000 DFW rules from NSX for vSphere to NSX-T Data Center, but sections are subdivided into sections of 1,000 rules or fewer.

    UI feedback is not shown.

    Workaround: Check the logs.

  • Issue 2865273: Advanced Load Balancer (Avi) search engine won't connect to Avi Controller if there is a DFW rule to block ports 22, 443, 8443 and 123 prior to migration from NSX for vSphere to NSX-T Data Center.

    Avi search engine is not able to connect to the Avi Controller.

    Workaround: Add explicit DFW rules to allow ports 22, 443, 8443 and 123 for SE VMs or exclude SE VMs from DFW rules.

  • Issue 2864929: Pool member count is higher when migrated from NSX for vSphere to Avi Load Balancer on NSX-T Data Center.

    You will see a higher pool member count. Health monitor will mark those pool members down but traffic won't be sent to unreachable pool members.

    Workaround: None.

  • Issue 2719682: Computed fields from Avi controller are not synced to intent on Policy resulting in discrepancies in Data shown on Avi UI and NSX-T UI.

    Computed fields from Avi controller are shown as blank on the NSX-T UI.

    Workaround: App switcher to be used to check the data from Avi UI.

  • Issue 2848614: When joining an MP to an MP cluster where publish_fqdns is set on the MP cluster and where the forward or reverse lookup entry missing in external DNS server or dns entry missing for joining node, forward or reverse alarms are not generated for the joining node.

    Forward/Reverse alarms are not generated for the joining node even though forward/reverse lookup entry is missing in DNS server or dns entry is missing for the joining node.

    Workaround: Configure the external DNS server for all Manager nodes with forward and reverse DNS entries.

  • Issue 2871585: Removal of host from DVS and DVS deletion is allowed for DVS versions less than 7.0.3 after NSX Security on vSphere DVPortgroups feature is enabled on the clusters using the DVS.

    You may have to resolve any issues in transport node or cluster configuration that arise from a host being removed from DVS or DVS deletion.

    Workaround: None.

  • Issue 2870085: Security policy level logging to enable/disable logging for all rules is not working.

    You will not be able to change the logging of all rules by changing "logging_enabled" of security policy.

    Workaround: Modify each rule to enable/disable logging.

  • Issue 2866682: In Microsoft Azure, when accelerated networking is enabled on SUSE Linux Enterprise Server (SLES) 12 SP4 Workload VMs and with NSX Agent installed, the ethernet interface does not obtain an IP address.

    VM agent doesn't start and VM becomes unmanaged.

    Workaround: Disable Accelerated networking.

  • Issue 2884939: NSX-T Policy API results in error: Client 'admin' exceeded request rate of 100 per second (Error code: 102).

    The NSX rate limiting of 100 requests per second is reached when we migrate a large number of VS from NSX for vSphere to NSX-T ALB and all APIs are temporarily blocked.

    Workaround: Update Client API rate limit to 200 or more requests per second.

    Note: There is fix on AVI version 21.1.4 release.

  • Issue 2792485: NSX manager IP is shown instead of FQDN for manager installed in vCenter.

    NSX-T UI Integrated in vCenter shows NSX manager IP instead of FQDN for installed manager.

    Workaround: None.

  • Issue 2888207: Unable to reset local user credentials when vIDM is enabled.

    You are unable to change local user passwords while vIDM is enabled.

    Workaround: vIDM configuration must be (temporarily) disabled, the local credentials reset during this time, and then integration re-enabled.

  • Issue 2885330: Effective member not shown for AD group.

    Effective members of AD group not displayed. No datapath impact.

    Workaround: None.

  • Issue 2877776: "get controllers" output may show stale information about controllers that are not the master when compared to the controller-info.xml file.

    This CLI output is confusing.

    Workaround: Restart nsx-proxy on that TN.

  • Issue 2853889: When creating EVPN Tenant Config (with vlan-vni mapping), Child Segments are created, but the child segment's realization status gets into failed state for about 5 minutes and recovers automatically.

    It will take 5 minutes to realize the EVPN tenant configuration.

    Workaround: None. Wait 5 minutes.

  • Issue 2690457: When joining an MP to an MP cluster where publish_fqdns is set on the MP cluster and where the external DNS server is not configured properly, the proton service may not restart properly on the joining node.

    The joining manager will not work and the UI will not be available.

    Workaround: Configure the external DNS server with forward and reverse DNS entries for all Manager nodes.

  • Issue 2490064: Attempting to disable VMware Identity Manager with "External LB" toggled on does not work.

    After enabling VMware Identity Manager integration on NSX with "External LB", if you attempt to then disable integration by switching "External LB" off, after about a minute, the initial configuration will reappear and overwrite local changes.

    Workaround: When attempting to disable vIDM, do not toggle the External LB flag off; only toggle off vIDM Integration. This will cause that config to be saved to the database and synced to the other nodes.

  • Issue 2355113: Workload VMs running RedHat and CentOS on Azure accelerated networking instances is not supported.

    In Azure when accelerated networking is enabled on RedHat or CentOS based OS's and with NSX Agent installed the ethernet interface does not obtain an IP address.

    Workaround: Disable accelerated networking for RedHat and CentOS based OS.

  • Issue 2684574: If the edge has 6K+ routes for Database and Routes, the Policy API times out.

    These Policy APIs for the OSPF database and OSPF routes return an error if the edge has 6K+ routes: /tier-0s/<tier-0s-id>/locale-services/<locale-service-id>/ospf/routes /tier-0s/<tier-0s-id>/locale-services/<locale-service-id>/ospf/routes?format=csv /tier-0s/<tier-0s-id>/locale-services/<locale-service-id>/ospf/database /tier-0s/<tier-0s-id>/locale-services/<locale-service-id>/ospf/database?format=csv If the edge has 6K+ routes for Database and Routes, the Policy API times out. This is a read-only API and has an impact only if the API/UI is used to download 6k+ routes for OSPF routes and database.

    Workaround: Use the CLI commands to retrieve the information from the edge.

  • Issue 2574281: Policy will only allow a maximum of 500 VPN Sessions.

    NSX claims support of 512 VPN Sessions per edge in the large form factor, however, due to Policy doing auto plumbing of security policies, Policy will only allow a maximum of 500 VPN Sessions. Upon configuring the 501st VPN session on Tier0, the following error message is shown: {'httpStatus': 'BAD_REQUEST', 'error_code': 500230, 'module_name': 'Policy', 'error_message': 'GatewayPolicy path=[/infra/domains/default/gateway-policies/VPN_SYSTEM_GATEWAY_POLICY] has more than 1,000 allowed rules per Gateway path=[/infra/tier-0s/inc_1_tier_0_1].'}

    Workaround: Use Management Plane APIs to create additional VPN Sessions.

  • Issue 2838613: For ESX version less than 7.0.3, NSX security functionality not enabled on VDS upgraded from version 6.5 to a higher version after security installation on the cluster.

    NSX security features are not enabled on the the VMs connected to VDS upgraded from 6.5 to a higher version (6.6+) where NSX Security on vSphere DVPortgroups feature is supported.

    Workaround: After VDS is upgraded, reboot the host and power on the VMs to enable security on the VMs.

  • Issue 2799371: IPSec alarms for L2 VPN are not cleared even though L2 VPN and IPSec sessions are up.

    No functional impact except that unnecessary open alarms are seen.

    Workaround: Resolve alarms manually.

  • Issue 2584648: Switching primary for T0/T1 gateway affects northbound connectivity.

    Location failover time causes disruption for a few seconds and may affect location failover or failback test.

    Workaround: None.

  • Issue 2491800: AR channel SSL certificates are not periodically checked for their validity, which could lead to using an expired/revoked certificate for an existing connection.

    The connection would be using an expired/revoked SSL.

    Workaround: Restart the APH on the Manager node to trigger a reconnection.

  • Issue 2558576: Global Manager and Local Manager versions of a global profile definition can differ and might have an unknown behavior on Local Manager.

    Global DNS, session, or flood profiles created on Global Manager cannot be applied to a local group from UI, but can be applied from API. Hence, an API user can accidentally create profile binding maps and modify global entity on Local Manager.

    Workaround: Use the UI to configure system.

  • Issue 2950206: CSM is not accessible after MPs are upgraded and before CSM upgrade.

    When MP is upgraded, the CSM appliance is not accessible from the UI until the CSM appliance is upgraded completely. NSX services on CSM are down at this time. It's a temporary state where CSM is inaccessible during an upgrade. The impact is minimal.

    Workaround: This is an expected behavior. You have to upgrade the CSM appliance to access CSM UI and ensure all services are running.

  • Issue 2882154: Some of the pods are not listed in the output of "kubectl top pods -n nsxi-platform".

    The output of "kubectl top pods -n nsxi-platform" will not list all pods for debugging. This does not affect deployment or normal operation. For certain issues, debugging may be affected.  There is no functional impact. Only debugging might be affected.

    Workaround: There are two workarounds:

    • Workaround 1: Make sure the Kubernetes cluster comes up with version 0.4.x of the metrics-server pod before deploying NAPP platform. This issue is not seen when metrics-server 0.4.x is deployed.
    • Workaround 2: Delete the metrics-server instance deployed by the NAPP charts and deploy upstream Kubernetes metrics-server 0.4.x.
  • Issue 2871440: Workloads secured with NSX Security on vSphere dvPortGroups lose their security settings when they are vMotioned to a host connected to an NSX Manager that is down.

    For clusters installed with the NSX Security on vSphere dvPortGroups feature, VMs that are vMotioned to hosts connected to a downed NSX Manager do not have their DFW and security rules enforced. These security settings are re-enforced when connectivity to NSX Manager is re-established.

    Workaround: Avoid vMotion to affected hosts when NSX Manager is down. If other NSX Manager nodes are functioning, vMotion the VM to another host that is connected to a healthy NSX Manager.

  • Issue 2898020: The error 'FRR config failed:: ROUTING_CONFIG_ERROR (-1)' is displayed on the status of transport nodes.

    The edge node rejects a route-map sequence configured with a deny action that has more than one community list attached to its match criteria. If the edge nodes do not have the admin intended configuration, it results in unexpected behavior.

    Workaround: None

  • Issue 2910529: Edge loses IPv4 address after DHCP allocation.

    After the Edge VM is installed and received an IP from DHCP server, within a short time it loses the IP address and becomes inaccessible. This is because the DHCP server does not provide a gateway, hence the Edge node loses IP.

    Workaround: Ensure that the DHCP server provides the proper gateway address. If not, perform the following steps:

    1. Log in to the console of Edge VM as an admin.
    2. Stop service dataplane.
    3. Set interface <mgmt intf> dhcp plane mgmt.
    4. Start service dataplane.
  • Issue 2942900: The identity firewall does not work for event log scraping when Active Directory queries time out.

    The identity firewall issues a recursive Active Directory query to obtain the user's group information. Active Directory queries can time out with a NamingException 'LDAP response read timed out, timeout used: 60000 ms'. Therefore, firewall rules are not populated with event log scraper IP addresses.

    Workaround: To improve recursive query times, Active Directory admins may organize and index the AD objects.

  • Issue 2958032: If you are using NSX-T 3.2 or upgrading to an NSX-T 3.2 maintenance release, the file type is not shown properly and is truncated at 12 characters on the Malware Prevention dashboard.

    On the Malware Prevention dashboard, when you click to see the details of the inspected file, you will see incorrect data because the file type will be truncated at 12 characters. For example, for a file with File Type as WindowsExecutableLLAppBundleTarArchiveFile, you will only see WindowsExecu as File Type on Malware Prevention UI.

    Workaround: Do a fresh NAPP installation with an NSX-T 3.2 maintenance build instead of upgrading from NSX-T 3.2 to an NSX-T 3.2 maintenance release.

  • Issue 2954520: When Segment is created from policy and Bridge is configured from MP, detach bridging option is not available on that Segment from UI.

    You will not be able to detach or update bridging from UI if Segment is created from policy and Bridge is configured from MP.

    If a Segment is created from the policy side, you are advised to configure bridging only from the policy side. Similarly, if a Logical Switch is created from the MP side, you should configure bridging only from the MP side.

    Workaround: You need to use APIs to remove bridging:

    1. Update concerned LogicalPort and remove attachment

    PUT :: https://<mgr-ip>/api/v1/logical-ports/<logical-port-id> Add this to headers in PUT payload headers field -> X-Allow-Overwrite : true

    2. DELETE BridgeEndpoint

    DELETE :: https://<mgr-ip>/api/v1/bridge-endpoints/<bridge-endpoint-id>

    3. Delete LogicalPort

    DELETE :: https://<mgr-ip>/api/v1/logical-ports/<logical-port-id>

  • Issue 2889482: The wrong save confirmation is shown when updating segment profiles for discovered ports.

    The Policy UI allows editing of discovered ports but does not send the updated binding map for port update requests when segment profiles are updated. A false positive message is displayed after clicking Save. Segments appear to be updated for discovered ports, but they are not.

    Workaround: Use MP API or UI to update the segment profiles for discovered ports.

  • Issue 2919218: Selections made to the host migration are reset to default values after the MC service restarts.

    After the restart of the MC service, all the selections relevant to host migration such as enabling or disabling clusters, migration mode, cluster migration ordering, etc., that were made earlier are reset to default values.

    Workaround: Ensure that all the selections relevant to host migration are performed again after the restart of the MC service.

  • Issue 2931403: Network interface validation prevents API users from performing updates.

    An Edge VM network interface can be configured with network resources such as port groups, VLAN logical switches, or segments that are accessible for specified compute and storage resources. Compute-Id regroup moref in intent is stale and no longer present in VC after a power outage (moref of resource pool changed after VC was restored).

    Workaround: Redeploy edge and specify valid moref Ids.

check-circle-line exclamation-circle-line close-line
Scroll to top icon