Gateway firewall represents rules applied at the perimeter firewall.

There are predefined categories under the All Shared Rules view, where rules across all gateways are visible. Rules are evaluated top down, and left to right. The category names can be changed using the API.

Table 1. Categories for Gateway Firewall Rules
Rule Category Purpose
Emergency Used for Quarantine. Can also be used for Allow rules.
System These rules are automatically generated by NSX-T Data Center and are specific to internal control plane traffic, such as, BFD rules, VPN rules and so on.
Note: Do not edit System rules.
Shared Pre Rules These rules are globally applied across gateways.
Local Gateway These rules are specific to a particular gateway.
Auto Service Rules These are auto-plumbed rules applied to the data plane. You can edit these rules as required.
Default These rules define the default gateway firewall behavior.