Firewall exclusion lists are made of groups that can be excluded from a firewall rule based on group membership.
NSX-T Data Center has system-excluded virtual machines and user-excluded groups. NSX Manager and NSX Edge node virtual machines are automatically added to the read-only System Excluded VMs list. User-defined groups can be excluded from firewall rules, and a maximum of 100 groups can be on the list. IP sets, MAC sets, and Active Directory groups cannot be included as members in a group that is used in a firewall exclusion list.
Antrea groups are not supported in a firewall exclusion list.
Users should not edit the system-generated firewall exclusion list. If it is edited, traffic may be disrupted.
- Navigate to . A window appears listing available groups.
- To view the read-only automated exclusion list, select the System Excluded VMs tab. You can filter this list by:
  - operating system
  - power state
  - tag scope
- To add a user-defined group to the firewall exclusion list, ensure that you are on the User Excluded Groups tab and click the check box next to any group. Then click Apply.
- To create a group, click Add Group. See Add a Group.
- To edit a group, click the three dot menu next to a group and select Edit.
- To delete a group, click the three dot menu and select Delete.
- To display group details, click Expand All.
- Click Close.
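
The limits stated above (at most 100 user-excluded groups, and no IP sets, MAC sets, or Active Directory groups as members) can be checked offline against exported group definitions, since every excluded group is traffic that no firewall rule inspects. The following Python check is an added example, not VMware code; it assumes group definitions exported as JSON in the Policy API shape, with member kinds identified by the `resource_type` values `IPAddressExpression`, `MACAddressExpression`, and `IdentityGroupExpression`, and all group paths and values are constructed sample data.

```python
# Added example: audit a user exclusion list against the limits stated in this topic.
MAX_EXCLUDED_GROUPS = 100  # maximum number of groups on the list, per this topic

# Assumption: member kinds are identified by Policy API expression resource_type.
DISALLOWED = {
    "IPAddressExpression": "IP set",
    "MACAddressExpression": "MAC set",
    "IdentityGroupExpression": "Active Directory group",
}

def audit_exclusion_list(exclude_list, groups_by_path):
    """Return (group_path, finding) tuples, in exclusion-list order."""
    findings = []
    members = exclude_list.get("members", [])
    if len(members) > MAX_EXCLUDED_GROUPS:
        findings.append(("<list>", f"{len(members)} groups exceeds the maximum "
                                   f"of {MAX_EXCLUDED_GROUPS}"))
    for path in members:
        group = groups_by_path.get(path)
        if group is None:
            # An excluded path with no definition cannot be reviewed at all.
            findings.append((path, "group definition not found"))
            continue
        kinds = {DISALLOWED[e.get("resource_type")]
                 for e in group.get("expression", [])
                 if e.get("resource_type") in DISALLOWED}
        findings.extend((path, f"contains {k} member") for k in sorted(kinds))
    return findings

# Constructed sample data (not taken from a real deployment).
BASE = "/infra/domains/default/groups/"
TAG_COND = {"resource_type": "Condition", "member_type": "VirtualMachine",
            "key": "Tag", "operator": "EQUALS", "value": "backup"}
SAMPLE_GROUPS = {
    BASE + "backup-proxies": {"expression": [TAG_COND]},
    BASE + "legacy-ips": {"expression": [
        {"resource_type": "IPAddressExpression", "ip_addresses": ["192.0.2.10"]}]},
    BASE + "mixed": {"expression": [
        TAG_COND,
        {"resource_type": "ConjunctionOperator", "conjunction_operator": "OR"},
        {"resource_type": "MACAddressExpression",
         "mac_addresses": ["00:00:5e:00:53:01"]}]},
}
SAMPLE_EXCLUDE_LIST = {"members": [BASE + "backup-proxies", BASE + "legacy-ips",
                                   BASE + "mixed", BASE + "decommissioned"]}

if __name__ == "__main__":
    for path, finding in audit_exclusion_list(SAMPLE_EXCLUDE_LIST, SAMPLE_GROUPS):
        print(f"{path}: {finding}")
```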