From 4b05c62e788485b776b73914d4106dd88ada8977 Mon Sep 17 00:00:00 2001
From: Adit Sarfaty <asarfaty@vmware.com>
Date: Mon, 15 May 2017 09:40:28 +0300
Subject: [PATCH] NSX|V: Fix use case with no FWaaS for a router

In case FWaaS is enabled, but a router is not assigned to and firewall,
the Allow-external traffic rule should be added to the edge firewall, just like
when FWaaS is disabled.

Change-Id: Id59b467c530ac0aa6070539358481e41be4623d6
---
 vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks.py b/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks.py
index 53e90fadd5..cd76f8787e 100644
--- a/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks.py
+++ b/vmware_nsx/services/fwaas/nsx_v/fwaas_callbacks.py
@@ -98,6 +98,10 @@ class NsxvFwaasCallbacks(firewall_l3_agent.L3WithFWaaS):
                 # Do not add firewall rules on the tlr router.
                 return False
 
+        if not self._get_router_firewall_id(ctx_elevated, router_id):
+            # No FWaas Firewall was assigned to this router
+            return False
+
         return True
 
     def get_fwaas_rules_for_router(self, context, router_id):