To resolve this issue, roll back the DFW to its default firewall rule set by using NSX Manager REST API DELETE Method:
Notes: Prior to doing the steps, ensure that:
- You have basic authorization with the NSX Manager web credentials such as the admin user, or any vCenter Server user granted NSX privileges.
- header: content-type: application/xml and Accept: application/xml are used.
For more information on how to make API calls to the NSX Manager, see the Using the NSX REST API section in the VMware NSX for vSphere API Guide.
Method: DELETE
URL: https://NSX_Manager_IP/api/4.0/firewall/globalroot-0/config
Note: The request must return a status of 204. This restores the default policy (with a default rule of allow) for DFW and then re-enables access to vCenter Server and the vSphere Web Client.
To prevent this issue from recurring, add vCenter Server in the exclusion list:
- Log in to the vCenter Server using the vSphere Web Client.
- Navigate to Home > Networking & Security.
- Select NSX Manager.
- In the Manage tab, click Exclusion List.
- Select the + icon to add the vCenter Server virtual machine.