This section provides the limitations for the various system defined events.

Distributed firewall rule masked by preceding rule event limitation

This event has the following limitations:

  • This event is supported only for NSX-V distributed firewall rules. Other firewall vendors are not supported.
  • The following firewall rule properties are currently supported for masking computation:
    • Source
    • Destination
    • Applied To
    • Service protocol and Port ranges
    • Packet type
    • Layer-7 application IDs
  • Rules with source or destination inversion are not supported.
  • Disabled rules are ignored.
  • Rules with security groups containing excluded members directly or indirectly in Source/Destination or Applied To is not supported.
  • The masking computation for Source, Destination, and Applied To properties are based on the static membership and IP range overlap of member IPSets. Dynamic membership of a security group are not considered for masking.