As described in the NSX Administration Guide, default firewall settings apply to traffic that does not match any of the user-defined firewall rules. In the vCloud Director tenant portal, the default distributed firewall rule is labeled Default Allow Rule.

The distributed firewall capability must be enabled on an organization virtual datacenter before you can manage the distributed firewall settings using the tenant portal.

The default distributed firewall rule is displayed in the tenant portal's Distributed Firewall screen when you open the tenant portal from the vCloud Director Web Console using the Manage Firewall menu choice on an organization virtual datacenter. Both the General tab for layer 3 traffic and the Ethernet tab for layer 2 traffic have a default distributed firewall rule.

The default distributed firewall rule is configured to allow all layer 3 and layer 2 traffic to pass through the organization virtual datacenter. This setting is indicated by the Allow set in the Action column in the user interface. The default rule is always at the bottom of the rules table.