You can navigate to an NSX Edge to see the firewall rules that apply to it.
Firewall rules applied to a Logical Router only protect control plane traffic to and from the Logical Router control virtual machine. They do not enforce any data plane protection. To protect data plane traffic, create Logical Firewall rules for East-West protection or rules at the NSX Edge Services Gateway level for North-South protection.
Rules created on the Firewall user interface applicable to this NSX Edge are displayed in a read-only mode. Rules are displayed and enforced in the following order:
User-defined rules from the Firewall user interface (Read Only).
Auto-plumbed rules (rules that enable control traffic to flow for Edge services).
User-defined rules on NSX Edge Firewall user interface.