Symptoms: Edge VMs whose network interfaces are edited, and updated to use NSX logical segments have DFW rules and filters applied.
Environment
VMware NSX-T Data Center VMware NSX-T Data Center 2.x
Cause
On network edit, additional operations to exclude edge connected segment ports from DFW are not executed. Thus, Edge VMs are not excluded from DFW, and filters are applied on logical segment ports consumed by the Edge.
Resolution
This issue is resolved in VMware NSX-T Data Center 2.5.2 and 3.0, available at VMware Downloads.
Workaround: On the edge VM whose network interface has been edited, log in to CLI and issue command 'systemctl restart nsx-opsagent-appliance.service' The next attempt when Edge connects to the Manager, will add logical ports to the DFW exclude list will work as expected.