You can edit the default firewall settings that apply to traffic that does not match any of the user-defined firewall rules.
The default Layer 3 rule is under the General tab and the default Layer 2 rule is under the Ethernet tab.
The default firewall rules allow all L3 and L2 traffic to pass through all prepared clusters in your infrastructure. The default rule is always at the bottom of the rules table and cannot be deleted. However, you can change the Action element of the rule from Allow to Drop or Reject, and indicate whether traffic for that rule should be logged.
The default Layer 3 firewall rule applies to all traffic, including DHCP. If you change the Action to Drop or Reject, DHCP traffic is blocked unless you create a rule that allows it.
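The DHCP caveat above can be checked before you change the default Action. The following is an added example, not NSX code or part of the original page: a simplified first-match model of a rule table with the default rule last. The `Rule` and `Flow` types, the rule names, and the sample tables are hypothetical; the only real-world values are the DHCPv4 ports UDP 67 and 68.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "ALLOW", "DROP" or "REJECT"
    protocol: Optional[str] = None       # None matches any protocol
    dst_ports: frozenset = frozenset()   # empty set matches any port

@dataclass(frozen=True)
class Flow:
    label: str
    protocol: str
    dst_port: int

# Constructed sample flows: the two directions of a DHCPv4 exchange.
DHCP_FLOWS = (
    Flow("client -> server (DISCOVER/REQUEST)", "UDP", 67),
    Flow("server -> client (OFFER/ACK)", "UDP", 68),
)

def matches(rule, flow):
    if rule.protocol is not None and rule.protocol != flow.protocol:
        return False
    return not rule.dst_ports or flow.dst_port in rule.dst_ports

def evaluate(user_rules, default_action, flow):
    """First match wins; the default rule is last and matches everything."""
    table = list(user_rules) + [Rule("default-l3", default_action)]
    for rule in table:
        if matches(rule, flow):
            return rule.action, rule.name

def blocked_dhcp(user_rules, default_action):
    """Return the labels of DHCP flows that would not be allowed."""
    return [f.label for f in DHCP_FLOWS
            if evaluate(user_rules, default_action, f)[0] != "ALLOW"]

# Constructed rule tables: one without a DHCP rule, one with it.
web_only = [Rule("allow-https", "ALLOW", "TCP", frozenset({443}))]
with_dhcp = [Rule("allow-dhcp", "ALLOW", "UDP", frozenset({67, 68}))] + web_only

if __name__ == "__main__":
    for name, rules in (("web_only", web_only), ("with_dhcp", with_dhcp)):
        for action in ("ALLOW", "DROP"):
            print(name, action, blocked_dhcp(rules, action) or "DHCP permitted")
```

A rule that allows only UDP 67 still leaves the server-to-client replies to fall through to the default rule, so the allow rule has to cover both ports.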
Prerequisites
Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure User Interface Settings.