Firewall exclusion lists are made of groups that can be excluded from a firewall rule based on group membership.
Virtual machines such as load balancers, firewalls, virtual network functions (routing, switching, etc.), and any virtual machines that require promiscuous mode must be in a DFW Exclusion list. VMware does not support adding those virtual machines to DFW; they must be manually added to user excluded groups.
In an NSX Manager cluster, the first node must be manually added to the Distributed Firewall Exclude List.
User-defined groups can be excluded from firewall rules, and there are a maximum of 100 groups that can be on the list. IP sets, MAC sets, and Active Directory groups cannot be included as members in a group that is used in a firewall exclusion list.
- Navigate to . A window appears listing available groups.
- To add a group to the exclusion list, click the check box next to any group. Then click Apply.
- To create a group, click Add Group. See Add a Group.
- To edit a group, click the three-dot menu next to a group and select Edit.
- To delete a group, click the three-dot menu and select Delete.
- To display group details, click Expand All.
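
Because every group on the exclusion list bypasses the distributed firewall, it is worth checking a planned list against the two limits stated above before applying it. The following is an added example, not VMware code: it assumes group definitions are available as JSON-like objects with an `expression` list whose entries carry a `resource_type`, and the function names, type-name mapping, and sample groups are constructed for illustration.

```python
# Added example: pre-check a planned DFW exclusion list against the limits
# stated in the text. The group shape (expression/resource_type) is assumed.
MAX_EXCLUDED_GROUPS = 100  # maximum number of groups on the list, per the text

# Member types the text says cannot appear in an excluded group,
# keyed by the resource_type names this example assumes.
FORBIDDEN_TYPES = {
    "IPAddressExpression": "IP set",
    "MACAddressExpression": "MAC set",
    "IdentityGroupExpression": "Active Directory group",
}

def forbidden_members(expressions):
    """Walk a group's expression list, including nested expressions."""
    found = []
    for expr in expressions or []:
        rtype = expr.get("resource_type")
        if rtype in FORBIDDEN_TYPES:
            found.append(FORBIDDEN_TYPES[rtype])
        # Nested entries are assumed to carry their own "expressions" list.
        found.extend(forbidden_members(expr.get("expressions")))
    return found

def check_exclusion_list(groups):
    """Return a list of problems; an empty list means the plan passes."""
    problems = []
    if len(groups) > MAX_EXCLUDED_GROUPS:
        problems.append(f"{len(groups)} groups exceeds the limit of {MAX_EXCLUDED_GROUPS}")
    for group in groups:
        for kind in sorted(set(forbidden_members(group.get("expression")))):
            problems.append(f"group '{group['display_name']}': forbidden member type: {kind}")
    return problems

# Constructed sample data, not taken from a real deployment.
SAMPLE_GROUPS = [
    {"display_name": "lb-appliances", "expression": [
        {"resource_type": "Condition", "member_type": "VirtualMachine",
         "key": "Tag", "operator": "EQUALS", "value": "role|lb"}]},
    {"display_name": "legacy-ips", "expression": [
        {"resource_type": "IPAddressExpression", "ip_addresses": ["192.0.2.10"]}]},
    {"display_name": "nested-mac", "expression": [
        {"resource_type": "NestedExpression", "expressions": [
            {"resource_type": "MACAddressExpression",
             "mac_addresses": ["00:00:5e:00:53:01"]}]}]},
]

if __name__ == "__main__":
    for problem in check_exclusion_list(SAMPLE_GROUPS):
        print(problem)
```
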