You can navigate to an NSX Edge to see the firewall rules that apply to it.

Firewall rules applied to a Logical Router only protect control plane traffic to and from the Logical Router control virtual machine. They do not enforce any data plane protection. To protect data plane traffic, create Logical Firewall rules for East-West protection or rules at the NSX Edge Services Gateway level for North-South protection.

Rules that were created in the Firewall user interface and apply to this NSX Edge are displayed in read-only mode. Rules are displayed and enforced in the following order:

  1. User-defined rules from the Firewall user interface (Read Only).

  2. Auto-plumbed rules (rules that enable control traffic to flow for Edge services).

    1. SSL VPN auto-plumb rule: The Edge Firewall tab displays the sslvpn auto-plumb rule when server settings are configured and SSL VPN service is enabled.

    2. DNAT auto-plumb rule: The Edge NAT tab displays the DNAT auto-plumb rule as part of the default SSL VPN configuration.

  3. User-defined rules on NSX Edge Firewall user interface.

  4. Default rule.
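
The enforcement order above determines whether a rule defined locally on the Edge is ever reached. The following Python is an added example, not VMware code or NSX API output: it models the four tiers and reports Edge-local rules that a higher tier already covers. The tier names, the `Rule` fields and the sample rules are constructed, and first-match evaluation within the listed order is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Tiers in the order the page lists them; the tier names are hypothetical.
TIERS = {"firewall_ui": 1, "auto_plumbed": 2, "edge_ui": 3, "default": 4}

@dataclass(frozen=True)
class Rule:
    name: str
    tier: str
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: int    # destination port, 0 = any
    action: str  # "accept" or "deny"

def ordered(rules):
    """Sort by tier; the stable sort keeps each tier's own rule order."""
    return sorted(rules, key=lambda r: TIERS[r.tier])

def decide(rules, src, dst, port):
    """Return the first rule matching the packet (first match assumed)."""
    for r in ordered(rules):
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (0, port)):
            return r
    raise ValueError("rule set has no catch-all default rule")

def covers(a, b):
    """True when every packet that matches b also matches a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.port in (0, b.port))

def shadowed(rules):
    """List (rule, earlier rule) pairs where the rule can never be hit."""
    seq = ordered(rules)
    return [(r.name, e.name) for i, r in enumerate(seq)
            for e in seq[:i] if covers(e, r)]

# Constructed sample rules (documentation address ranges), listed out of order.
RULES = [
    Rule("edge-allow-web", "edge_ui", "0.0.0.0/0", "192.0.2.10/32", 443, "accept"),
    Rule("default", "default", "0.0.0.0/0", "0.0.0.0/0", 0, "deny"),
    Rule("sslvpn", "auto_plumbed", "0.0.0.0/0", "192.0.2.1/32", 443, "accept"),
    Rule("central-block-web", "firewall_ui", "0.0.0.0/0", "192.0.2.8/29", 443, "deny"),
]

if __name__ == "__main__":
    print(decide(RULES, "198.51.100.7", "192.0.2.10", 443).name, shadowed(RULES))
```

In the sample set, the read-only rule from the Firewall user interface covers the Edge-local allow rule, so the local rule has no effect; this is the kind of conflict to look for when reviewing the Edge Firewall tab.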