VMware NSX — Invalid Applied to Value

NSX warning about distributed firewall apply to options

What if you’re trying to perform a publish operation in the VMware NSX distributed firewall and you get the error “Invalid Applied to Value at index 5, rule type LAYER3”?

Error from the NSX Distributed Firewall screen

I recently experienced this error when trying to publish rules after we upgraded from NSX 6.3.5 to NSX 6.4.4. It's caused by a rule that has both the Distributed Firewall and a Logical Switch in its Applied To column. A UI bug in NSX 6.3.5 (and probably others) allowed you to deselect the checkbox for “Apply this rule on all clusters on which Distributed Firewall is installed”, select an object other than an ESG, such as a Logical Switch, and then check the box again. In NSX 6.4.4, when you try to check the box, you get the warning below that says all objects except Edge Gateways will be removed.

Distributed Firewall Applied To column

The index number corresponds to the position of the rule within the specific section you are trying to publish, counting from top to bottom. So even though the rule ID could be 100, if it's the first rule in your section then it's index 1, and if it's the fifth rule in your section then it's index 5.

NSX DFW Apply To options

The solution is to remove either the Distributed Firewall or the conflicting Logical Switch / other object from that rule's Applied To column.
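
To find every affected rule before a publish fails, you can scan an exported section for rules that mix the Distributed Firewall with anything other than an Edge, and report them by the same 1-based index the error uses. This is an added example, not code from NSX or from the original post; the XML element names and the `DISTRIBUTED_FIREWALL`, `Edge` and `VirtualWire` type strings are assumptions based on the NSX-v firewall API layout, and the sample section is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of one Layer 3 section; element names and type strings
# are assumed to follow the NSX-v firewall API XML layout.
SAMPLE_SECTION = """
<section id="1005" name="Web Tier" type="LAYER3">
  <rule id="100"><name>allow-web</name>
    <appliedToList>
      <appliedTo><name>DISTRIBUTED_FIREWALL</name><type>DISTRIBUTED_FIREWALL</type></appliedTo>
    </appliedToList></rule>
  <rule id="214"><name>edge-and-dfw</name>
    <appliedToList>
      <appliedTo><name>DISTRIBUTED_FIREWALL</name><type>DISTRIBUTED_FIREWALL</type></appliedTo>
      <appliedTo><name>esg-01</name><type>Edge</type></appliedTo>
    </appliedToList></rule>
  <rule id="187"><name>mixed-scope</name>
    <appliedToList>
      <appliedTo><name>DISTRIBUTED_FIREWALL</name><type>DISTRIBUTED_FIREWALL</type></appliedTo>
      <appliedTo><name>ls-web</name><type>VirtualWire</type></appliedTo>
    </appliedToList></rule>
</section>
"""

DFW = "DISTRIBUTED_FIREWALL"
ALLOWED_WITH_DFW = {"Edge"}  # per the 6.4.4 warning, only Edge Gateways may stay


def find_invalid_applied_to(section_xml):
    """Return (index, rule_id, rule_name, conflicting_names) per offending rule.

    index is the 1-based position of the rule within the section, top to
    bottom, which is the number the publish error reports.
    """
    section = ET.fromstring(section_xml)
    findings = []
    for index, rule in enumerate(section.findall("rule"), start=1):
        targets = [(a.findtext("type"), a.findtext("name"))
                   for a in rule.findall("appliedToList/appliedTo")]
        types = {t for t, _ in targets}
        if DFW not in types:
            continue
        conflicts = [n for t, n in targets if t != DFW and t not in ALLOWED_WITH_DFW]
        if conflicts:
            findings.append((index, rule.get("id"), rule.findtext("name"), conflicts))
    return findings


if __name__ == "__main__":
    for idx, rid, name, conflicts in find_invalid_applied_to(SAMPLE_SECTION):
        print(f"index {idx}: rule id {rid} ({name}) mixes DFW with {conflicts}")
```

On the constructed sample this flags rule ID 187 at index 3, while the DFW-only rule and the DFW-plus-Edge rule pass.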