To keep the network access between the vCenter Server Appliance and NSX, you exclude the vCenter Server Appliance from all distributed firewall rules.

Configure the NSX distributed firewall rules by using a vCenter Server Appliance. If a rule prevents network access between NSX Manager and vCenter Server, you cannot manage the firewall. Keep the access between the two products by adding vCenter Server to the firewall exclusion list.


  1. Log in to vCenter Server by using the vSphere Client.
    1. Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local/ui.
    2. Log in by using the following credentials.
      Setting Value
      User name administrator@vsphere.local
      Password vsphere_admin_password
  2. Exclude the vCenter Server Appliance instances from the distributed firewall rules.
    1. From the Home menu, select Networking & Security.
    2. In the Navigator, click Firewall Settings and click the Exclusion List tab.
    3. From the NSX Manager drop-down menu, select
    4. Click the Add button.

      The Select VM(s) to exclude dialog box appears.

    5. Select sfo01m01vc01, add it to the Selected Objects list, and click OK.