Can't update Default Firewall Rule

[fdhex]

In Edge Firewall update, I can't seem to be able to edit the imported bottom rule.

I get the following error from the NSX-T API in the end:

* nsxt_firewall_section.section_bottom: Error during FirewallSection 944eb72d-7a70-4086-9df6-f2bf26c334b5 update: Status: 400 , Body: {
  "httpStatus" : "BAD_REQUEST",
  "error_code" : 100077,
  "module_name" : "NSX Firewall",
  "error_message" : "Default rule found at invalid position: 944eb72d-7a70-4086-9df6-f2bf26c334b5, should be at end of list"
}

I would like to be able to change the default from ALLOW to DROP, no other changes whatsoever. Outcome of terraform apply is

Terraform will perform the following actions:

  ~ nsxt_firewall_section.section_bottom
      rule.0.action: "ALLOW" => "DROP"

[annakhm]

Hi @fdhex, you should be able to control FW section order with recent fix https://github.com/terraform-providers/terraform-provider-nsxt/pull/150.
Unfortunately this fix is not released yet.

[fdhex]

Actually not really since the default rule within a section (of a T0 edge firewall) cannot be deleted/added, it needs to be edited in place with its id (see merge request https://github.com/terraform-providers/terraform-provider-nsxt/pull/154). Once this is specified, the edit works, also with Edge Firewall (LogicalRouter type FW section).

[annakhm]

Should be fixed with https://github.com/terraform-providers/terraform-provider-nsxt/pull/150 and https://github.com/terraform-providers/terraform-provider-nsxt/pull/154