A logical port, logical switch, or NSGroup can be excluded from a firewall rule.

After you've created a section with firewall rules you may want to exclude an NSX-T Data Center appliance port from the firewall rules.


  1. Select Security > Distributed Firewall from the navigation panel.
  2. Click the Exclusion List tab.
  3. Click Add.
  4. Select a type and an object.
    The available types are Logical Port, Logical Switch, and NSGroup.
  5. Click OK.
  6. To remove an object from the exclusion list, select the object and click Delete on the menu bar.