You can exclude a set of virtual machines from NSX distributed firewall protection.
NSX Manager, NSX Controllers, and NSX Edge virtual machines are automatically excluded from NSX distributed firewall protection. In addition, VMware recommends that you place the following service virtual machines in the Exclusion List to allow traffic to flow freely.
– vCenter Server. It can be moved into a cluster that is protected by Firewall, but it must already exist in the exclusion list to avoid connectivity issues.
– Partner service virtual machines.
– Virtual machines that require promiscuous mode. If these virtual machines are protected by NSX distributed firewall, their performance may be adversely affected.
– The SQL server that your Windows-based vCenter uses.
– vCenter Web server, if you are running it separately.
1 In the vSphere Web Client, click Networking & Security.
2 In Networking & Security Inventory, click NSX Managers.
3 In the Name column, click an NSX Manager.
4 Click the Manage tab and then click the Exclusion List tab.
5 Click the Add (+) icon.
6 Type the name of the virtual machine that you want to exclude and click Add.
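Every virtual machine on the Exclusion List sits outside distributed firewall protection, so the list is worth reviewing against an approved baseline after changes. The script below is an added example, not part of the original post and not VMware code; the XML sample is constructed, and its element names, the VM names and IDs, and the APPROVED baseline are assumptions. It matches on object ID rather than display name, because a VM can be renamed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like an exclusion-list export; element names are assumptions.
SAMPLE_XML = """
<excludeListConfiguration>
  <excludeMember><member><objectId>vm-101</objectId><name>vcenter01</name></member></excludeMember>
  <excludeMember><member><objectId>vm-102</objectId><name>vc-sql01</name></member></excludeMember>
  <excludeMember><member><objectId>vm-240</objectId><name>partner-ids-svm</name></member></excludeMember>
  <excludeMember><member><objectId>vm-377</objectId><name>web-test-07</name></member></excludeMember>
</excludeListConfiguration>
"""

# Hypothetical approved baseline: object ID -> reason, using the categories listed above.
APPROVED = {
    "vm-101": "vCenter Server",
    "vm-102": "SQL server used by Windows-based vCenter",
    "vm-240": "partner service virtual machine",
    "vm-512": "VM requiring promiscuous mode",
}

def parse_exclusion_list(xml_text):
    """Return {objectId: name} for every member in the exported list."""
    root = ET.fromstring(xml_text)
    members = {}
    for member in root.iter("member"):
        oid = (member.findtext("objectId") or "").strip()
        name = (member.findtext("name") or "").strip()
        if oid:  # skip malformed entries that carry no object ID
            members[oid] = name
    return members

def audit(xml_text, approved):
    """Compare the exported list with the approved baseline."""
    live = parse_exclusion_list(xml_text)
    # Excluded from the firewall but never approved: review these first.
    unapproved = {oid: name for oid, name in live.items() if oid not in approved}
    # Approved for exclusion but absent: possible connectivity or performance impact.
    missing = {oid: why for oid, why in approved.items() if oid not in live}
    return {"unapproved": unapproved, "missing": missing}

if __name__ == "__main__":
    result = audit(SAMPLE_XML, APPROVED)
    for oid, name in sorted(result["unapproved"].items()):
        print(f"UNAPPROVED {oid} ({name}): excluded with no recorded reason")
    for oid, why in sorted(result["missing"].items()):
        print(f"MISSING    {oid}: approved as '{why}' but not on the list")
```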
In the next post I will cover how to prepare vSphere Host Cluster for NSX.