Encryption rules are added at the NSX Manager scope. Using the Applied To field, you can then narrow down the scope at which you want to apply the rule. You can add multiple objects at the source and destination levels for each rule, which helps reduce the total number of encryption rules to be added.


If you configure a rule and specify the Sources or Destinations field using logical ports, logical switches, or NSGroups that contain logical ports or logical switches, the rule will not apply to any switch or port that cannot be resolved to a valid IP address.


  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Select Encryption from the navigation panel.
  3. Click the Rules tab if it is not already selected.
  4. To add a rule, select the section to which you want to add the rule.
    1. Click Add Rule and select Add Rule Above or Add Rule Below.
    2. (Optional) Edit the rule settings.
  5. To clone a rule, select the rule that you want to clone.
    1. Click Actions and select Clone Rule.

      The encryption rule is cloned with the same settings and a slightly different name ("Copy of ...").

    2. (Optional) Edit the rule settings.
  6. To delete a rule, select the rule that you want to delete.
    1. Click Delete Rule.
  7. Click Save.
  8. Click Save again to confirm.