You can add firewall rules to redirect traffic to registered vendor solutions. Redirected traffic is then processed by the vendor service.


  • The third party service must be registered with NSX Manager, and the service must be deployed in NSX.
  • If the default firewall rule action is set to Block, you must add a rule to allow the traffic to be redirected.


  1. In the vSphere Web Client, navigate to Networking & Security > Firewall.
  2. Click the Partner security services tab.
  3. In the section to which you want to add a rule, click the Add rule (add icon) icon.
    A new any any allow rule is added at the top of the section.
  4. Point to the Name cell of the new rule, click edit, and type a name for the rule.
  5. Specify the Source, Destination, and Service for the rule. For more information, see Add a Firewall Rule
  6. Point to the Action cell of the new rule, and click edit.
    1. In Action, select Redirect.
    2. In Redirect To, select the service profile and the logical switch or security group to which you want to bind the service profile.
      The service profile is applied to virtual machines connected to or contained in the selected logical switch or security group.
    3. Indicate whether the redirected traffic is to be logged and type comments, if any.
    4. Click OK.
      The selected service profile is displayed as a link in the Action column. Clicking the service profile link displays the service profile bindings.
  7. Click Publish Changes.