To provide Layer 3 and Layer 2 network security in an organization virtual data center, you can enable and create rules for the distributed firewall on this organization virtual data center. With the distributed firewall rules, you can protect traffic traveling between virtual machines in an organization virtual data center.
VMware Cloud Director supports distributed firewall services on organization virtual data centers that are backed by NSX Data Center for vSphere.
For creating the distributed firewall rules, you can use various grouping objects and security groups. See Custom Grouping Objects and Working with Security Groups.
For information about protecting traffic to and from an edge gateway, see Managing an NSX Data Center for vSphere Edge Gateway Firewall.