As we are using universal firewall rules, we have opted to create universal IP sets from the Pimary NSX Manager for each of the virtual machine entities in our topology. Each IP set is then synchronized to the Secondary NSX Manager. Next, we created a universal firewall section, where we created universal firewall rules for our topology. Each universal rule must be created in the universal firewall section for it to be classified as universal and synchronized across NSX Managers.
Once all rule definitions have been created, the universal firewall section rules are evaluated by the DFW before local NSX Manager firewall rules are.