Logical firewalls are of two types—Distributed firewall and Edge firewall. The Distributed firewall is ideally deployed to protect east-west traffic, while the Edge firewall protects north-south traffic.
The firewall subsection interface allows you to add sections to separate firewall rules. Both L2 and L3 rules can have multiple sections that can be managed accordingly. For cross-vCenter environments, you must create a Universal section before you can add the universal rules, and you must manage the universal rules from the primary NSX Manager.
To add a firewall subsection, follow these steps: