Default firewall settings apply to traffic that does not match any of the user-defined firewall rules. The default Edge firewall policy blocks all incoming traffic. You can change the default action and logging settings.


  1. In the vSphere Web Client, navigate to Networking & Security > NSX Edges.
  2. Double-click an NSX Edge.
  3. Click Manage > Firewall.
  4. Select the Default Rule, which is the last rule in the firewall table.
    You can edit rule action or enable or disable logging of all sessions that match the default rule. Enabling logging can affect performance.
    NSX Version Procedure
    6.4.6 and later
    1. Edit the rule action, if necessary.
    2. In the Log column, click the toggle switch to enable or disable logging.
    6.4.5 and earlier
    1. Point to the Action cell of the default rule and click edit.
    2. Edit the rule action, if necessary.
    3. Click Log or Do not log as necessary.
  5. Click Publish Changes.