Firewall rules can be edited, deleted, moved up and moved down as part of the Application Rule Manager.


After the flow record has been analyzed you can create firewall rules.


  1. Open a flow session. If you are in the Processed View. Right-click on a single flow cell or shift + first cell > last cell to select several cells, and then right-click. If you are in the Consolidated View select a flow cell and click the Action icon. Select Create Firewall rule.

    The New Firewall Rule pop-up window appears with all of the cells populated based on the selected row data. If several cells were selected, all the source, destination, service objects are added to the corresponding fields of the rule.

  2. Enter a name for the new rule.
  3. (Optional) To select a different source or destination click Select next to the Source or Destination box. Specify a new source or destination from the available objects and click OK.
  4. (Optional) To select a different service click Select the Service box. Distributed Firewall supports ALG (Application Level Gateway) for the following protocols: FTP, CIFS, ORACLE TNS, MS-RPC, and SUN-RPC. Edge supports ALG for FTP only. Specify a new service from the available objects and click OK.
  5. (Optional) To apply the rule to a different scope click Select next to the Applied To box. Make appropriate selections as described in the table below and click OK. By default, the rule is applied to the VNICs you originally right-clicked on.

    To apply a rule to

    Do this

    All prepared clusters in your environment

    Select Apply this rule on all clusters on which Distributed Firewall is enabled. After you click OK, the Applied To column for this rule displays Distributed Firewall.

    One or more cluster, datacenter, distributed virtual port group, NSX Edge, network, virtual machine, vNIC, or logical switch

    1. In Container type, select the appropriate object..

    2. In the Available list, select one or more objects and click add.

    If the rule contains virtual machines and vNICS in the source and destination fields, you must add both the source and destination virtual machines and vNICS to Applied To for the rule to work correctly.

  6. Select the Action described in the table below.


    Results in


    Allows traffic from or to the specified source(s), destination(s), and service(s).


    Blocks traffic from or to the specified source(s), destination(s), and service(s).


    Sends reject message for unaccepted packets.

    RST packets are sent for TCP connections.

    ICMP messages with administratively prohibited code are sent for UDP, ICMP, and other IP connections.

  7. Specify the rule Direction of the rule by clicking the drop-down arrow.
  8. Click OK

What to do next

Publish the firewall rules. See Publishing and Managing Firewall Rules From Application Rule Manager.