Production environments using vDefend Firewall in NSX 3.2.x / 4.0.x / 4.1.x / 4.2.0-4.2.2 are advised of the following critical impacts

• VADPA35991 – TCP flows dropped when SEQ/ACK number wraps to 0 (zero)
• VADCA25746 - ESXi hosts may PSOD during upgrade from NSX 3.2.x or 4.0.x/4.1.x to 4.2.2 due to NSX VSIP module panic
• VADCA24919 - ESXi host running NSX version 4.2.0 may experience a PSOD in nsxt-vsip module when processing DNS response contain empty domain string
• VADCA25230 - Rule Matching Issues with vDefend Gateway Firewall
• KB 396719 - JDK-8330017: ForkJoinPool Stops Executing Tasks Due to ctl Field Release Count (RC) Overflow

Recommendation: upgrade to NSX 4.2.3.