vCloud Director, while integrated with NSX-V, created a group named "external" for the Edge Gateway firewall, which creates a warning when migrating to NSX-T by using the vCloud Director Migration Utility.

The group "external" was created by vCloud Director only when integrated with NSX-V.   The group was defined as the external vNics of the edge vm.   No such group exists when vCloud Director is integrated with NSX-T due to architectural differences, so there is no way for the vCloud Director Migration Utility to automatically migrate it.

VMware vCloud Director

vDefend Firewall

VMware vDefend Firewall with Advanced Threat Prevention

Architectural differences between NSX-V and NSX-T

One solution is to create a group that uses the external IP's or networks and use that in your rule or just list those IP's or networks in the rules.