You can configure a service, and specify parameters for matching network traffic such as a port and protocol pairing.

You can also use a service to allow or block certain types of traffic in firewall rules. You cannot change the type after you create a service. Some services are predefined and cannot be modified or deleted.


  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Inventory > Services.
  3. Click Add Service.
  4. Enter a name.
  5. Click Set Service Entries.
  6. Select a type.
    The choices are Layer 2 and Layer 3 and above.
  7. Under Port-Protocol, click Add Service Entry to add one or more service entries.
    For layer 2, the only available service type is Ether.

    For layer 3 and above, the available service types are IP, IGMP, ICMPv4, ICMPv6,ALG, TCP, and UDP.

  8. Click the Services tab to add one or more services.
    Any service that you add is considered a nested service because it is included in the service that you are creating. The recommended maximum level of nesting is 3. An example of three levels of nesting: service A includes service B, service B includes service C, and service C includes service D. In addition, cyclic nesting is not allowed. In the previous example, service C cannot include service A or B.
  9. Click Apply.
  10. (Optional) Add one or more tags.
  11. (Optional) Enter a description.
  12. Click Save.