diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
index 5256759ca5f..930272ed8ee 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-egress-acl-rule.xml
@@ -192,10 +192,10 @@ under the License.
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
- protocolvalue = "TCP" or UDP or ICMP
- deststartip="source start ip"
- destendip="source end ip"
- sourcestartport="start port at destination"
- sourceendport="end port at destination"
- sourceip="public ip at destination"
+ protocolvalue = "TCP" or "UDP"
+ deststartip="destination start ip"
+ destendip="destination end ip"
+ sourcestartport="start port at source"
+ sourceendport="end port at source"
+ sourceip="source ip"
--!>
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
new file mode 100755
index 00000000000..92c25043dad
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-egress-acl-rule.xml
@@ -0,0 +1,122 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
new file mode 100755
index 00000000000..7c1164138bc
--- /dev/null
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-generic-ingress-acl-rule.xml
@@ -0,0 +1,121 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
index be704836497..1af30b44416 100755
--- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
+++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-ingress-acl-rule.xml
@@ -192,10 +192,10 @@ under the License.
aclrulename="dummy"
descr=value
actiontype="drop" or "permit"
- protocolvalue = "TCP" or UDP or ICMP
+ protocolvalue = "TCP" or "UDP"
sourcestartip="source start ip"
sourceendip="source end ip"
deststartport="start port at destination"
destendport="end port at destination"
- destinationip="public ip at destination"
+ destip="destination ip"
--!>
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
index 2c2a74fef95..2f67bdb8961 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java
@@ -143,12 +143,22 @@ public interface CiscoVnmcConnection {
String destStartPort, String destEndPort, String destIp)
throws ExecutionException;
+ public boolean createTenantVDCIngressAclRule(String tenantName,
+ String identifier, String policyIdentifier,
+ String protocol, String sourceStartIp, String sourceEndIp, String destIp)
+ throws ExecutionException;
+
public boolean createTenantVDCEgressAclRule(String tenantName,
String identifier, String policyIdentifier,
String protocol, String sourceStartPort, String sourceEndPort, String sourceIp,
String destStartIp, String destEndIp)
throws ExecutionException;
+ public boolean createTenantVDCEgressAclRule(String tenantName,
+ String identifier, String policyIdentifier,
+ String protocol, String sourceIp, String destStartIp, String destEndIp)
+ throws ExecutionException;
+
public boolean deleteTenantVDCAclRule(String tenantName,
String identifier, String policyIdentifier) throws ExecutionException;
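Review bot: The two new overloads at L142–L145 and L152–L155 carry no Javadoc, and because they differ from the existing methods only in the count of positional String parameters, a caller cannot tell from the signature which variant omits ports or why. A short contract comment on each would fix that, e.g. on the ingress one: `/** Creates a permit rule restricted to a source IP range and a destination IP only (no port range); used for protocols without ports such as ICMP. */`, and the mirror sentence on the egress overload. Document `@throws ExecutionException` on both as well, since it is the only failure signal callers get besides the boolean return. The interface continues outside the hunk.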
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
index 0196dc52b19..360a056b55b 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java
@@ -93,6 +93,8 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
CREATE_ACL_POLICY_REF("create-acl-policy-ref.xml", "policy-mgr"),
CREATE_INGRESS_ACL_RULE("create-ingress-acl-rule.xml", "policy-mgr"),
CREATE_EGRESS_ACL_RULE("create-egress-acl-rule.xml", "policy-mgr"),
+ CREATE_GENERIC_INGRESS_ACL_RULE("create-generic-ingress-acl-rule.xml", "policy-mgr"),
+ CREATE_GENERIC_EGRESS_ACL_RULE("create-generic-egress-acl-rule.xml", "policy-mgr"),
DELETE_RULE("delete-rule.xml", "policy-mgr"),
@@ -674,10 +676,11 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
String destStartPort, String destEndPort, String destIp) throws ExecutionException {
String xml = VnmcXml.CREATE_INGRESS_ACL_RULE.getXml();
String service = VnmcXml.CREATE_INGRESS_ACL_RULE.getService();
+
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
- xml = replaceXmlValue(xml, "descr", "Ingress ACL policy for Tenant VDC" + tenantName);
+ xml = replaceXmlValue(xml, "descr", "Ingress ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "actiontype", "permit");
xml = replaceXmlValue(xml, "protocolvalue", protocol);
xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
@@ -697,6 +700,34 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
return verifySuccess(response);
}
+ @Override
+ public boolean createTenantVDCIngressAclRule(String tenantName,
+ String identifier, String policyIdentifier,
+ String protocol, String sourceStartIp, String sourceEndIp,
+ String destIp) throws ExecutionException {
+ String xml = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getXml();
+ String service = VnmcXml.CREATE_GENERIC_INGRESS_ACL_RULE.getService();
+
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+ xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+ xml = replaceXmlValue(xml, "descr", "Ingress ACL rule for Tenant VDC " + tenantName);
+ xml = replaceXmlValue(xml, "actiontype", "permit");
+ xml = replaceXmlValue(xml, "protocolvalue", protocol);
+ xml = replaceXmlValue(xml, "sourcestartip", sourceStartIp);
+ xml = replaceXmlValue(xml, "sourceendip", sourceEndIp);
+
+ List rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+ int order = 100;
+ if (rules != null) {
+ order += rules.size();
+ }
+ xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+ String response = sendRequest(service, xml);
+ return verifySuccess(response);
+ }
+
@Override
public boolean createTenantVDCEgressAclRule(String tenantName,
String identifier, String policyIdentifier,
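Review bot: In the new `createTenantVDCIngressAclRule` overload the `destIp` parameter declared at L190 is never used — the body at L194–L201 substitutes cookie, DN, name, descr, action, protocol and the source range, but no `destip` value. The sibling ingress template documents a `destip="destination ip"` placeholder (L133); the generic template's contents are not visible in this diff, so either it lacks the placeholder and the parameter is dead, or it has one that stays unsubstituted and the rule is sent with a literal placeholder as its destination. Either way add `xml = replaceXmlValue(xml, "destip", destIp);` after the source range lines if the template expects it, or drop the parameter. `replaceXmlValue` is not visible here; if it is a plain text substitution, confirm it XML-escapes the values, since `tenantName`, `identifier` and `protocol` end up inside the request body.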
@@ -704,15 +735,44 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection {
String destStartIp, String destEndIp) throws ExecutionException {
String xml = VnmcXml.CREATE_EGRESS_ACL_RULE.getXml();
String service = VnmcXml.CREATE_EGRESS_ACL_RULE.getService();
+
xml = replaceXmlValue(xml, "cookie", _cookie);
xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
- xml = replaceXmlValue(xml, "descr", "Egress ACL policy for Tenant VDC" + tenantName);
+ xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
xml = replaceXmlValue(xml, "actiontype", "permit");
xml = replaceXmlValue(xml, "protocolvalue", protocol);
+ xml = replaceXmlValue(xml, "deststartip", destStartIp);
+ xml = replaceXmlValue(xml, "destendip", destEndIp);
xml = replaceXmlValue(xml, "sourcestartport", sourceStartPort);
xml = replaceXmlValue(xml, "sourceendport", sourceEndPort);
xml = replaceXmlValue(xml, "sourceip", sourceIp);
+
+ List rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
+ int order = 100;
+ if (rules != null) {
+ order += rules.size();
+ }
+ xml = replaceXmlValue(xml, "order", Integer.toString(order));
+
+ String response = sendRequest(service, xml);
+ return verifySuccess(response);
+ }
+
+ @Override
+ public boolean createTenantVDCEgressAclRule(String tenantName,
+ String identifier, String policyIdentifier,
+ String protocol, String sourceIp,
+ String destStartIp, String destEndIp) throws ExecutionException {
+ String xml = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getXml();
+ String service = VnmcXml.CREATE_GENERIC_EGRESS_ACL_RULE.getService();
+
+ xml = replaceXmlValue(xml, "cookie", _cookie);
+ xml = replaceXmlValue(xml, "aclruledn", getDnForAclRule(tenantName, identifier, policyIdentifier));
+ xml = replaceXmlValue(xml, "aclrulename", getNameForAclRule(tenantName, identifier));
+ xml = replaceXmlValue(xml, "descr", "Egress ACL rule for Tenant VDC " + tenantName);
+ xml = replaceXmlValue(xml, "actiontype", "permit");
+ xml = replaceXmlValue(xml, "protocolvalue", protocol);
xml = replaceXmlValue(xml, "deststartip", destStartIp);
xml = replaceXmlValue(xml, "destendip", destEndIp);
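Review bot: The rule-order computation at L235–L240 is a copy of L203–L208 in the previous hunk (and presumably repeated in the generic egress overload whose body runs past L261): `100 + rules.size()` assigns the next order purely from the current child count, so after any rule in the middle of the policy is deleted the next created rule receives the same order as the last existing one. Whether VNMC rejects or silently reorders duplicate `order` values is not visible here, but it is worth confirming, and the logic should live in one private helper so a fix applies everywhere. The untyped `List rules` would also read better as `List<?>`. Both egress methods' bodies extend beyond this hunk.
```java
/** Next order slot for a new rule in the policy: 100 plus the rules already attached. Note: not collision-free after deletions. */
private int nextAclRuleOrder(String tenantName, String policyIdentifier) throws ExecutionException {
    List<?> rules = listChildren(getDnForAclPolicy(tenantName, policyIdentifier));
    return rules == null ? 100 : 100 + rules.size();
}
// … at each call site, replacing the five-line block …
xml = replaceXmlValue(xml, "order", Integer.toString(nextAclRuleOrder(tenantName, policyIdentifier)));
```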
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
index 39ae60b8360..8b5741fcbbf 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java
@@ -187,7 +187,9 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
Map firewallCapabilities = new HashMap();
firewallCapabilities.put(Capability.TrafficStatistics, "per public ip");
+ firewallCapabilities.put(Capability.SupportedTrafficDirection, "ingress,egress");
firewallCapabilities.put(Capability.SupportedProtocols, "tcp,udp,icmp");
+ firewallCapabilities.put(Capability.SupportedEgressProtocols, "tcp,udp,icmp");
firewallCapabilities.put(Capability.MultipleIps, "true");
capabilities.put(Service.Firewall, firewallCapabilities);
@@ -650,7 +652,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro
List rulesTO = new ArrayList();
for (FirewallRule rule : rules) {
IpAddress sourceIp = _networkModel.getIp(rule.getSourceIpAddressId());
- FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr());
+ FirewallRuleTO ruleTO = new FirewallRuleTO(rule, null, sourceIp.getAddress().addr(), rule.getPurpose(), rule.getTrafficType());
rulesTO.add(ruleTO);
}
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
index 57c0ed115da..4e98d93371b 100644
--- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
+++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java
@@ -358,25 +358,41 @@ public class CiscoVnmcResource implements ServerResource {
for (FirewallRuleTO rule : publicIpRulesMap.get(publicIp)) {
if (rule.revoked()) {
- if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), publicIp)) {
+ if (!_connection.deleteTenantVDCAclRule(tenant, Long.toString(rule.getId()), policyIdentifier)) {
throw new Exception("Failed to delete ACL rule in VNMC for guest network with vlan " + vlanId);
}
} else {
String[] externalIpRange = getIpRangeFromCidr(rule.getSourceCidrList().get(0));
if (rule.getTrafficType() == TrafficType.Ingress) {
- if (!_connection.createTenantVDCIngressAclRule(tenant,
- Long.toString(rule.getId()), policyIdentifier,
- rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1],
- Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp)) {
- throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+ if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
+ if (!_connection.createTenantVDCIngressAclRule(tenant,
+ Long.toString(rule.getId()), policyIdentifier,
+ rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1],
+ Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp)) {
+ throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+ }
+ } else {
+ if (!_connection.createTenantVDCIngressAclRule(tenant,
+ Long.toString(rule.getId()), policyIdentifier,
+ rule.getProtocol().toUpperCase(), externalIpRange[0], externalIpRange[1], publicIp)) {
+ throw new Exception("Failed to create ACL ingress rule in VNMC for guest network with vlan " + vlanId);
+ }
}
} else {
- if (!_connection.createTenantVDCEgressAclRule(tenant,
- Long.toString(rule.getId()), policyIdentifier,
- rule.getProtocol().toUpperCase(),
- Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp,
- externalIpRange[0], externalIpRange[1])) {
- throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+ if (!rule.getProtocol().equalsIgnoreCase("icmp")) {
+ if (!_connection.createTenantVDCEgressAclRule(tenant,
+ Long.toString(rule.getId()), policyIdentifier,
+ rule.getProtocol().toUpperCase(),
+ Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]), publicIp,
+ externalIpRange[0], externalIpRange[1])) {
+ throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+ }
+ } else {
+ if (!_connection.createTenantVDCEgressAclRule(tenant,
+ Long.toString(rule.getId()), policyIdentifier,
+ rule.getProtocol().toUpperCase(), publicIp, externalIpRange[0], externalIpRange[1])) {
+ throw new Exception("Failed to create ACL egress rule in VNMC for guest network with vlan " + vlanId);
+ }
}
}
}
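Review bot: The ICMP branches at L309–L311 and L331–L333 push only the IP range and public IP to the device, so the resulting VNMC rule permits every ICMP type and code even if the CloudStack rule was configured more narrowly — a rule that is broader on the enforcement point than in the control plane; if `FirewallRuleTO` exposes the ICMP type/code, they should be passed through (the generic templates' contents are not visible here, so whether they accept such fields needs checking). The protocol test is also evaluated twice with the same expression; hoisting `boolean isIcmp = "icmp".equalsIgnoreCase(rule.getProtocol());` before the traffic-type branch at L295 removes the duplication and is null-safe where `rule.getProtocol().equalsIgnoreCase(...)` would throw. Note that `rule.getSourceCidrList().get(0)` at L294 still programs only the first CIDR of the rule and throws on an empty list; the surrounding method starts before this hunk.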