You can exclude policy groups, and therefore their members, from having east-west security services applied to them.

Update the exclusion list, which references the member groups to be excluded from the east-west service introspection policy. No service introspection policy is applied to the excluded members.
Note:
  • An exclusion list does not support policy groups with IP Set, IP Addresses, or MAC Addresses as members.
  • EdgeVMs, if any, are added by the system to the Policy SI Exclude List through Edge_NSGroup. Removal of Edge_NSGroup might lead to traffic disruption.
You can update the exclusion list from the NSX Manager UI or by making the following API call:
PUT https://<policy-mgr>/policy/api/v1/infra/settings/service-insertion/security/exclude-list

{ "members": ["/infra/domains/default/groups/grp1"], "_revision": 1 }
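
The PUT body replaces the whole member list, so an update that only names the new group would drop the system-added Edge_NSGroup. The following is an added example, not VMware code: it builds the body from a previously read list, keeps existing members, refuses to remove Edge_NSGroup, and echoes the `_revision` that was read. The function names, the sample list, and recognising the system group by its final path segment are assumptions.

```python
import json
import re

# URL and body shape are taken from the API call shown on this page.
EXCLUDE_LIST_URL = ("https://<policy-mgr>/policy/api/v1/infra/settings/"
                    "service-insertion/security/exclude-list")
GROUP_PATH = re.compile(r"^/infra/domains/[^/]+/groups/[^/]+$")
SYSTEM_GROUP = "Edge_NSGroup"  # system-added group named in the note above


def is_system_member(path):
    # Assumption: the system group is recognised by its final path segment.
    return path.rsplit("/", 1)[-1] == SYSTEM_GROUP


def build_update(current, add=(), remove=()):
    """Return the PUT body that applies add/remove to the list read earlier."""
    for path in list(add) + list(remove):
        # Only policy group paths are accepted; raw IPs or MACs are rejected.
        if not GROUP_PATH.match(path):
            raise ValueError(f"not a policy group path: {path!r}")
    blocked = [p for p in remove if is_system_member(p)]
    if blocked:
        raise ValueError(f"refusing to remove system group: {blocked}")
    dropped = set(remove)
    members = [m for m in current.get("members", []) if m not in dropped]
    for path in add:
        if path not in members:  # keep order, avoid duplicates
            members.append(path)
    # Echo the revision that was read so the update is tied to that version.
    return {"members": members, "_revision": current["_revision"]}


def render_request(body):
    """Format the call the same way the page shows it."""
    return f"PUT {EXCLUDE_LIST_URL}\n{json.dumps(body)}"


if __name__ == "__main__":
    # Constructed sample of an exclusion list read before the change.
    current = {
        "members": ["/infra/domains/default/groups/Edge_NSGroup",
                    "/infra/domains/default/groups/grp1"],
        "_revision": 1,
    }
    print(render_request(build_update(
        current, add=["/infra/domains/default/groups/grp2"])))
```
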

Procedure

  1. Navigate to Security > E-W Network Introspection > Actions > Exclusion List.
    A window appears listing available groups.
  2. To add a user-defined group to the firewall exclusion list, click the check box next to any group. Then click Save.
    1. To create a group, click Add Group. See Add a Group.
    2. To edit a group, click the three dot menu next to a group and select Edit.
    3. To delete a group, click the three dot menu and select Delete.
    4. To display group details, click Expand All.
  3. Click Close.