A logical port, logical switch, or NSGroup can be excluded from a firewall rule.

After you've created a section with firewall rules you may want to exclude an NSX-T appliance port from the firewall rules.


  1. Select Firewall in the navigation panel. Select the Configuration tab.

    The exclusion list screen appears.

  2. Select Objects on the right hand corner of the window.
  3. From the drop-down list, select Logical Ports, Logical Switch, or NSGroup.
  4. Double-click the specific port, switch, or group you would like to exclude from the firewall rule. To close the Object dialogue box, click Objects again.

    The Exclusion List is populated with the name and type of object you are excluding.

  5. To remove an object from the exclusion list, click the x.
  6. Click Save.