Firewall rules are applied in the order in which they exist in the rule table.

About this task

Rules are displayed (and enforced) in the following order:

  1. User-defined pre rules have the highest priority and are enforced in top-to-bottom ordering with a per-virtual NIC level precedence.

  2. Auto-plumbed rules.

  3. Local rules defined at an NSX Edge level.

  4. Service Composer rules - a separate section for each policy. You cannot edit these rules in the Firewall table, but you can add rules at the top of a security policy firewall rules section. If you do so, you must re-synchronize the rules in Service Composer. For more information, see Service Composer.

  5. Default Distributed Firewall rule

You can move a custom rule up or down in the table. The default rule is always at the bottom of the table and cannot be moved.


  1. In the Firewall tab, select the rule that you want to move.
  2. Click the Move rule up (move up) or Move rule down (move down) icon.
  3. Click Publish Changes.