
AccessForbidden exception while adding firewall gateway rule

Open mukultaneja opened this issue 5 years ago • 0 comments

I am getting an AccessForbidden exception while adding a firewall gateway rule onto vCD 9.5. Below is the error snippet I got when trying to add a firewall rule:

Request body: 5true<globalConfig><tcpPickOngoingConnections>false</tcpPickOngoingConnections><tcpAllowOutOfWindowPackets>false</tcpAllowOutOfWindowPackets><tcpSendResetForClosedVsePorts>true</tcpSendResetForClosedVsePorts><dropInvalidTraffic>true</dropInvalidTraffic><logInvalidTraffic>false</logInvalidTraffic><tcpTimeoutOpen>30</tcpTimeoutOpen><tcpTimeoutEstablished>3600</tcpTimeoutEstablished><tcpTimeoutClose>30</tcpTimeoutClose><udpTimeout>60</udpTimeout><icmpTimeout>10</icmpTimeout><icmp6Timeout>10</icmp6Timeout><ipGenericTimeout>120</ipGenericTimeout></globalConfig><defaultPolicy>deny<loggingEnabled>false</loggingEnabled></defaultPolicy><firewallRules><firewallRule>131086<ruleTag>131086</ruleTag>firewall<ruleType>internal_high</ruleType>true<loggingEnabled>false</loggingEnabled>firewallacceptfalse<vnicGroupId>vse</vnicGroupId></firewallRule><firewallRule>131085<ruleTag>1</ruleTag>same<ruleType>user</ruleType>true<loggingEnabled>false</loggingEnabled>same<matchTranslated>false</matchTranslated>acceptfalse<ipAddress>any</ipAddress>false<ipAddress>any</ipAddress>tcpany<sourcePort>any</sourcePort></firewallRule><firewallRule>131084<ruleTag>131084</ruleTag>default rule for ingress traffic<ruleType>default_policy</ruleType>true<loggingEnabled>false</loggingEnabled>default rule for ingress trafficdeny</firewallRule><firewallRule xmlns="http://www.vmware.com/vcloud/v1.5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1">hello<ruleType>User</ruleType>true<loggingEnabled>true</loggingEnabled>accept</firewallRule></firewallRules>
Response status code: 403
Response headers: {'Date': 'Tue, 19 May 2020 10:53:21 GMT', 'X-VMWARE-VCLOUD-REQUEST-ID': '6ab9f0a7-ce8d-409e-86ab-9acd771b973a', 'x-vcloud-access-token': '[REDACTED]', 'x-vcloud-token-type': 'Bearer', 'x-vcloud-authorization': '[REDACTED]', 'Cache-Control': 'no-store, must-revalidate', 'Content-Type': 'application/xml;version=31.0', 'Transfer-Encoding': 'chunked'}
Response body: <errorCode>403</errorCode>

This operation is denied.
<rootCauseString>This operation is denied.</rootCauseString>

mukultaneja, May 19 '20 10:05