Firewall rules can be created using a custom protocol number that is not listed in the protocols drop-down menu.

About this task

A firewall rule with a custom protocol number can be created on the distributed firewall or the NSX Edge firewall.


  1. In the vSphere Web Client, navigate to Networking & Security > Firewall.
  2. Ensure that you are in the General tab to add an L3 rule. Click the Add rule (add icon) icon.
  3. Click Publish Changes.

    A new any allow rule is added at the top of the section. If the system-defined rule is the only rule in the section, the new rule is added above the default rule.

    If you want to add a rule at a specific place in a section, select a rule. In the No. column, click and select Add Above or Add Below.

  4. Point to the Name cell of the new rule and click edit.
  5. Type a name for the new rule.
  6. Specify theSource of the new rule. See Add a Distributed Firewall Rule for icon details.
  7. Specify the Destination of the new rule. See Add a Distributed Firewall Rule for details.
  8. Point to the Service cell of the new rule. Click the Add Service (add icon) icon
  9. Click New Service on the bottom left of the Specify Service window.
  10. Enter the Name of the new protocol (such as OSPF).
  11. From the Protocols drop-down menu select L3_OTHERS.

    A Protocol Number field appears under the drop-down menu.

  12. Enter the Protocol Number (such as 89 for OSPF).
  13. Click OK.


A firewall rule has been created using a custom protocol number.