You can navigate to an NSX Edge to see the firewall rules that apply to it.

Firewall rules applied to a Logical Router only protect control plane traffic to and from the Logical Router control virtual machine. They do not enforce any data plane protection. To protect the data plane traffic, create Logical Firewall rules for East-West protection or rules at the NSX Edge Services Gateway level for North-South protection.

Rules are displayed and enforced in the following order:
  1. Predefined distributed firewall rules that are applied to the edge.
    • These rules are defined on the Firewall user interface (Networking & Security > Security > Firewall).
    • These rules are displayed in read-only mode on the NSX Edge Firewall user interface.
  2. Internal rules that enable the control traffic to flow for Edge services. For example, internal rules include the following auto-plumbed rules:
    1. SSL VPN auto-plumb rule: The Edge Firewall tab displays the sslvpn auto-plumb rule when server settings are configured and SSL VPN service is enabled.
    2. DNAT auto-plumb rule: The Edge NAT tab displays the DNAT auto-plumb rule as part of the default SSL VPN configuration.
  3. User-defined rules that are added on the NSX Edge Firewall user interface.
  4. Default rule.
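
The ordering above can be used to audit an exported rule set for user-defined rules that an earlier category overrides. The following Python code is an added example, not VMware code or an NSX API; the category labels in ORDER, the rule names and addresses, and first-match evaluation are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Category order taken from the list above; labels and rules are a constructed model.
ORDER = ["predefined_dfw", "internal", "user", "default"]

@dataclass
class Rule:
    name: str
    category: str          # one of ORDER
    src: str               # CIDR
    dst: str               # CIDR
    port: Optional[int]    # None means any port
    action: str            # "accept" or "deny"

RULES = [  # constructed sample rules, deliberately listed out of enforcement order
    Rule("allow-web-mgmt", "user", "10.0.0.0/24", "192.168.10.5/32", 443, "accept"),
    Rule("default", "default", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
    Rule("sslvpn-auto-plumb", "internal", "0.0.0.0/0", "203.0.113.10/32", 443, "accept"),
    Rule("dfw-block-lab", "predefined_dfw", "10.0.0.0/16", "192.168.10.0/24", None, "deny"),
    Rule("allow-dns", "user", "10.0.0.0/24", "192.168.20.53/32", 53, "accept"),
]

def ordered(rules):
    """Sort by category order; sorted() is stable, so order within a category is kept."""
    return sorted(rules, key=lambda r: ORDER.index(r.category))

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.port is None or a.port == b.port))

def shadowed(rules):
    """(rule, earlier rule) pairs where the earlier rule matches first with another action."""
    seq = ordered(rules)
    return [(r.name, e.name) for i, r in enumerate(seq)
            for e in seq[:i] if covers(e, r) and e.action != r.action]

def decide(rules, src, dst, port):  # assumed first-match evaluation of one packet
    for r in ordered(rules):
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst) and r.port in (None, port)):
            return r.name, r.action
    return None, "deny"

if __name__ == "__main__":
    print(shadowed(RULES), decide(RULES, "10.0.0.7", "192.168.10.5", 443))
```

In this model the user-defined `allow-web-mgmt` rule never takes effect, because the predefined distributed firewall rule ahead of it already denies the same traffic.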