diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
index 2bb0addcecf..4bba3a717ed 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
@@ -531,8 +531,11 @@ public class NsxElement extends AdapterBase implements  DhcpServiceProvider, Dns
                     .setRuleId(rule.getId())
                     .setProtocol(rule.getProtocol().toUpperCase(Locale.ROOT))
                     .build();
-            return ((rule.getState() == FirewallRule.State.Add && !nsxService.createPortForwardRule(networkRule)) ||
-                    (rule.getState() == FirewallRule.State.Revoke && !nsxService.deletePortForwardRule(networkRule)));
+            if (rule.getState() == FirewallRule.State.Add) {
+                return nsxService.createPortForwardRule(networkRule);
+            } else if (rule.getState() == FirewallRule.State.Revoke) {
+                return nsxService.deletePortForwardRule(networkRule);
+            }
         }
         return true;
     }
@@ -634,8 +637,11 @@ public class NsxElement extends AdapterBase implements  DhcpServiceProvider, Dns
                     .setProtocol(loadBalancingRule.getProtocol().toUpperCase(Locale.ROOT))
                     .setAlgorithm(loadBalancingRule.getAlgorithm())
                     .build();
-            return  ((loadBalancingRule.getState() == FirewallRule.State.Add && !nsxService.createLbRule(networkRule)) ||
-                    (loadBalancingRule.getState() == FirewallRule.State.Revoke && !nsxService.deleteLbRule(networkRule)));
+            if (loadBalancingRule.getState() == FirewallRule.State.Add) {
+                return nsxService.createLbRule(networkRule);
+            } else if (loadBalancingRule.getState() == FirewallRule.State.Revoke) {
+                return nsxService.deleteLbRule(networkRule);
+            }
         }
         return true;
     }
diff --git a/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxElementTest.java b/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxElementTest.java
index 252b189a58e..07bf5dc2249 100644
--- a/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxElementTest.java
+++ b/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxElementTest.java
@@ -60,6 +60,7 @@ import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.dao.UserVmDao;
 import com.cloud.vm.dao.VMInstanceDao;
 import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.agent.api.CreateNsxTier1GatewayCommand;
 import org.apache.cloudstack.resource.NsxNetworkRule;
 import org.junit.Assert;
 import org.junit.Before;
@@ -249,13 +250,29 @@ public class NsxElementTest {
     }
 
     @Test
-    public void testApplyPFRules() throws ResourceUnavailableException {
+    public void testApplyPFRules_add() throws ResourceUnavailableException {
         NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static,
                 Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1",
                 "network1", null, Network.GuestType.Isolated, 2L, 2L,
                 ControlledEntity.ACLType.Domain, false, 1L, false );
-        PortForwardingRule rule = new PortForwardingRuleVO("1", 11L, 80, 90, new Ip("172.30.10.11"), 8080, 8090, "tcp", 12L,
+        PortForwardingRuleVO rule = new PortForwardingRuleVO("1", 11L, 80, 90, new Ip("172.30.10.11"), 8080, 8090, "tcp", 12L,
         5L, 2L, 15L);
+        rule.setState(FirewallRule.State.Add);
+        Network.Service service = new Network.Service("service1", new Network.Capability("capability"));
+
+        when(nsxElement.canHandle(networkVO, service)).thenReturn(true);
+        assertTrue(nsxElement.applyPFRules(networkVO, List.of(rule)));
+    }
+
+    @Test
+    public void testApplyPFRules_delete() throws ResourceUnavailableException {
+        NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static,
+                Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1",
+                "network1", null, Network.GuestType.Isolated, 2L, 2L,
+                ControlledEntity.ACLType.Domain, false, 1L, false );
+        PortForwardingRuleVO rule = new PortForwardingRuleVO("1", 11L, 80, 90, new Ip("172.30.10.11"), 8080, 8090, "tcp", 12L,
+                5L, 2L, 15L);
+        rule.setState(FirewallRule.State.Revoke);
         Network.Service service = new Network.Service("service1", new Network.Capability("capability"));
 
         when(nsxElement.canHandle(networkVO, service)).thenReturn(true);
@@ -363,12 +380,13 @@ public class NsxElementTest {
     }
 
     @Test
-    public void testApplyLBRules() throws ResourceUnavailableException {
+    public void testApplyLBRules_add() throws ResourceUnavailableException {
         NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static,
                 Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1",
                 "network1", null, Network.GuestType.Isolated, 2L, 2L,
                 ControlledEntity.ACLType.Domain, false, 1L, false );
         LoadBalancerVO lb = new LoadBalancerVO(null, null, null, 0L, 8080, 8081, null, 0L, 0L, 1L, null, null);
+        lb.setState(FirewallRule.State.Add);
         LoadBalancingRule.LbDestination destination = new LoadBalancingRule.LbDestination(6443, 6443, "172.30.110.11", false);
         LoadBalancingRule rule = new LoadBalancingRule(lb, List.of(destination), null, null, new Ip("10.1.13.10"));
 
@@ -379,6 +397,30 @@ public class NsxElementTest {
         when(vpc.getDomainId()).thenReturn(2L);
         when(vpc.getAccountId()).thenReturn(5L);
         when(ipAddressDao.findByIpAndDcId(anyLong(), anyString())).thenReturn(ipAddress);
+        when(nsxService.createLbRule(any(NsxNetworkRule.class))).thenReturn(true);
+
+        assertTrue(nsxElement.applyLBRules(networkVO, List.of(rule)));
+    }
+
+    @Test
+    public void testApplyLBRules_delete() throws ResourceUnavailableException {
+        NetworkVO networkVO = new NetworkVO(1L, Networks.TrafficType.Public, Networks.Mode.Static,
+                Networks.BroadcastDomainType.NSX, 12L, 2L, 5L, 1L, "network1",
+                "network1", null, Network.GuestType.Isolated, 2L, 2L,
+                ControlledEntity.ACLType.Domain, false, 1L, false );
+        LoadBalancerVO lb = new LoadBalancerVO(null, null, null, 0L, 8080, 8081, null, 0L, 0L, 1L, null, null);
+        lb.setState(FirewallRule.State.Revoke);
+        LoadBalancingRule.LbDestination destination = new LoadBalancingRule.LbDestination(6443, 6443, "172.30.110.11", false);
+        LoadBalancingRule rule = new LoadBalancingRule(lb, List.of(destination), null, null, new Ip("10.1.13.10"));
+
+        VpcVO vpc = Mockito.mock(VpcVO.class);
+
+        IPAddressVO ipAddress = new IPAddressVO(new Ip("10.1.13.10"), 1L, 1L, 1L,false);
+        when(vpcDao.findById(anyLong())).thenReturn(vpc);
+        when(vpc.getDomainId()).thenReturn(2L);
+        when(vpc.getAccountId()).thenReturn(5L);
+        when(ipAddressDao.findByIpAndDcId(anyLong(), anyString())).thenReturn(ipAddress);
+        when(nsxService.deleteLbRule(any(NsxNetworkRule.class))).thenReturn(true);
 
         assertTrue(nsxElement.applyLBRules(networkVO, List.of(rule)));
     }