You can change the order of user-defined firewall rules that were added in the Edge Firewall tab to customize traffic flowing through the NSX Edge. For example, suppose you have a rule to allow load balancer traffic. You can now add a rule to deny the load balancer traffic from a specific IP address group, and position this rule above the LB allow traffic rule.


  1. Log in to the vSphere Web Client.
  2. Click Networking & Security > NSX Edges.
  3. Double-click an NSX Edge.
  4. Click Manage > Firewall.
  5. Select the rule for which you want to change the order.
    Important: You cannot change the order of system-generated internal rules and the default rule.
  6. Click the Move Up (Move Up Icon in HTML5. or Move Up Icon in Flex UI) or Move Down (Move Down Icon in HTML5 UI. or Move Down Icon in Flex UI) icon.
    Tip: In NSX 6.4.6 and later, you can drag user-defined rules to change the order. Point to the user-defined rule that you want to drag. A drag handle ( Drag Handle Icon.) icon appears to the left of this rule. Click and drag this handle to move the rule to a valid location in the firewall table.
  7. Click Publish Changes.