All the objects (apart from Edge) that are available to choose in the Applied To field eventually resolved to a vNic. This is the fundamentals of how the Distributed Firewall works. Even if you choose a Logical Switch, there is no construct that firewalls the logical switch itself. NSX Manager uses the chosen construct to resolve all the applicable vNics for which to program the rule into the appropriate dvFilter attached to the vNic.
↧