You can change the order of user-defined firewall rules that were added in the Edge Firewall tab to customize traffic flowing through the NSX Edge. For example, suppose you have a rule to allow load balancer traffic. You can now add a rule to deny load balancer traffic from a specific IP address group, and position this rule above the LB allow traffic rule.


  1. In the vSphere Web Client, navigate to Networking & Security > NSX Edges.
  2. Double-click an NSX Edge.
  3. Click the Monitor tab and then click the Firewall tab.
  4. Select the rule for which you want to change the priority.

    You cannot change the priority of auto-generated rules or the default rule.

  5. Click the Move Up (Move Up icon) or Move Down (Move Down icon) icon.
  6. Click OK.
  7. Click Publish Changes.