diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
index c978658157c..4e916a7f4f1 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java
@@ -767,37 +767,36 @@ public class NsxApiClient {
 }
 }
 
- public void createSegmentDistributedFirewall(String policyName, List nsxRules) {
+ public void createSegmentDistributedFirewall(String segmentName, List nsxRules) {
 try {
 SecurityPolicies services = (SecurityPolicies) nsxService.apply(SecurityPolicies.class);
- List rules = getRulesForDistributedFirewall(policyName, nsxRules);
+ List rules = getRulesForDistributedFirewall(segmentName, nsxRules);
 SecurityPolicy policy = new SecurityPolicy.Builder()
- .setDisplayName(policyName)
- .setId(policyName)
+ .setDisplayName(segmentName)
+ .setId(segmentName)
 .setCategory("Application")
 .setRules(rules)
 .build();
- services.patch(DEFAULT_DOMAIN, policyName, policy);
+ services.patch(DEFAULT_DOMAIN, segmentName, policy);
 } catch (Error error) {
 ApiError ae = error.getData()._convertTo(ApiError.class);
- String msg = String.format("Failed to create NSX distributed firewall policy for segment %s, due to: %s", policyName, ae.getErrorMessage());
+ String msg = String.format("Failed to create NSX distributed firewall policy for segment %s, due to: %s", segmentName, ae.getErrorMessage());
 LOGGER.error(msg);
 throw new CloudRuntimeException(msg);
 }
 }
 
- private List getRulesForDistributedFirewall(String policyName, List nsxRules) {
+ private List getRulesForDistributedFirewall(String segmentName, List nsxRules) {
 List rules = new ArrayList<>();
 for (NsxNetworkRule rule: nsxRules) {
- String ruleId = String.format("%s-%s", policyName, rule.getRuleId());
- String trafficType = rule.getTrafficType();
+ String ruleId = NsxControllerUtils.getNsxDistributedFirewallPolicyRuleId(segmentName, rule.getRuleId());
 Rule ruleToAdd = new Rule.Builder()
 .setAction(rule.getAclAction().toUpperCase())
 .setId(ruleId)
 .setDisplayName(ruleId)
 .setResourceType("SecurityPolicy")
- .setSourceGroups(getGroupsForTraffic(rule, trafficType, policyName, true))
- .setDestinationGroups(getGroupsForTraffic(rule, trafficType, policyName, false))
+ .setSourceGroups(getGroupsForTraffic(rule, segmentName, true))
+ .setDestinationGroups(getGroupsForTraffic(rule, segmentName, false))
 .setServices(List.of("ANY"))
 .setScope(List.of("ANY"))
 .build();
@@ -806,11 +805,12 @@ public class NsxApiClient {
 return rules;
 }
 
- private List getGroupsForTraffic(NsxNetworkRule rule, String trafficType,
- String policyName, boolean source) {
- List segmentGroup = List.of(String.format("%s/%s", GROUPS_PATH_PREFIX, policyName));
+ protected List getGroupsForTraffic(NsxNetworkRule rule,
+ String segmentName, boolean source) {
+ List segmentGroup = List.of(String.format("%s/%s", GROUPS_PATH_PREFIX, segmentName));
 List ruleCidrList = rule.getCidrList();
+ String trafficType = rule.getTrafficType();
 if (trafficType.equalsIgnoreCase("ingress")) {
 return source ? ruleCidrList : segmentGroup;
 } else if (trafficType.equalsIgnoreCase("egress")) {
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/utils/NsxControllerUtils.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/utils/NsxControllerUtils.java
index ce6e7992533..ae356a40f6d 100644
--- a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/utils/NsxControllerUtils.java
+++ b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/utils/NsxControllerUtils.java
@@ -45,6 +45,10 @@ public class NsxControllerUtils {
 return String.format("D%s-A%s-Z%s-%s%s-NAT", domainId, accountId, dataCenterId, resourcePrefix, resourceId);
 }
 
+ public static String getNsxDistributedFirewallPolicyRuleId(String segmentName, long ruleId) {
+ return String.format("%s-P%s", segmentName, ruleId);
+ }
+
 public NsxAnswer sendNsxCommand(NsxCommand cmd, long zoneId) throws IllegalArgumentException {
 NsxProviderVO nsxProviderVO = nsxProviderDao.findByZoneId(zoneId);
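Review bot: The rule IDs written by `getRulesForDistributedFirewall` change format in this hunk (from `%s-%s` to the `%s-P%s` form built by `NsxControllerUtils.getNsxDistributedFirewallPolicyRuleId`), so a segment policy that already exists on the NSX side carries rules under the old IDs; whether `services.patch` replaces the policy's rule list or merges into it decides whether those stale rules survive, and for a firewall policy a stale rule surviving silently is worth ruling out explicitly. I would confirm the PATCH semantics against an existing policy, or record the assumption above the call, e.g. `// PATCH replaces the rule list; rules under the pre-"%s-P%s" IDs are dropped — verify`. Separately, `segmentName` becomes the policy ID, display name and rule-ID prefix without any validation, so an `Objects.requireNonNull(segmentName, "segmentName");` at the top of `createSegmentDistributedFirewall` would turn a null into a clear failure before the vapi call instead of an NPE inside the builder. The enclosing class continues outside the hunk.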
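Review bot: The new `String trafficType = rule.getTrafficType();` feeds `trafficType.equalsIgnoreCase(...)` on the following lines, so a rule whose traffic type is unset fails with a NullPointerException rather than a descriptive error; flipping the comparison to `"ingress".equalsIgnoreCase(trafficType)` (and likewise for `"egress"`) is null-safe without changing which branch matches. The widening of `getGroupsForTraffic` from `private` to `protected` appears to be only for the new unit tests; a one-line comment such as `// protected rather than private so NsxApiClientTest can exercise the branch selection` records that so the contract is not widened further later. The method ends outside the hunk, so the branch taken for any other traffic type is not visible here.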
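Review bot: `getNsxDistributedFirewallPolicyRuleId` is a new public static helper with no Javadoc, and the `P` infix is the only thing that distinguishes its output from the `%s-%s` IDs the client generated before this commit; a short Javadoc saying that the result is used both as the NSX rule ID and as its display name (as `getRulesForDistributedFirewall` in this same commit does) and that the format is part of the identifier scheme existing policies depend on would help the next maintainer. As a point of style, `ruleId` is a `long`, so `%d` rather than `%s` states the intent: `return String.format("%s-P%d", segmentName, ruleId);`.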
diff --git a/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxApiClientTest.java b/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxApiClientTest.java
index a5d9ef33d1a..2408b6f1e43 100644
--- a/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxApiClientTest.java
+++ b/plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/service/NsxApiClientTest.java
@@ -20,6 +20,8 @@ import com.vmware.nsx_policy.infra.domains.Groups;
 import com.vmware.nsx_policy.model.Group;
 import com.vmware.nsx_policy.model.PathExpression;
 import com.vmware.vapi.bindings.Service;
+import org.apache.cloudstack.resource.NsxNetworkRule;
+import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
@@ -64,4 +66,28 @@ public class NsxApiClientTest {
 Mockito.verify(pathExpressions[0]).setPaths(List.of(segmentPath));
 }
 }
+
+ @Test
+ public void testGetGroupsForTrafficIngress() {
+ NsxNetworkRule rule = Mockito.mock(NsxNetworkRule.class);
+ Mockito.when(rule.getCidrList()).thenReturn(List.of("ANY"));
+ Mockito.when(rule.getTrafficType()).thenReturn("Ingress");
+ String segmentName = "segment";
+ List sourceGroups = client.getGroupsForTraffic(rule, segmentName, true);
+ List destinationGroups = client.getGroupsForTraffic(rule, segmentName, false);
+ Assert.assertEquals(List.of("ANY"), sourceGroups);
+ Assert.assertEquals(List.of(String.format("%s/%s", NsxApiClient.GROUPS_PATH_PREFIX, segmentName)), destinationGroups);
+ }
+
+ @Test
+ public void testGetGroupsForTrafficEgress() {
+ NsxNetworkRule rule = Mockito.mock(NsxNetworkRule.class);
+ Mockito.when(rule.getCidrList()).thenReturn(List.of("ANY"));
+ Mockito.when(rule.getTrafficType()).thenReturn("Egress");
+ String segmentName = "segment";
+ List sourceGroups = client.getGroupsForTraffic(rule, segmentName, true);
+ List destinationGroups = client.getGroupsForTraffic(rule, segmentName, false);
+ Assert.assertEquals(List.of(String.format("%s/%s", NsxApiClient.GROUPS_PATH_PREFIX, segmentName)), sourceGroups);
+ Assert.assertEquals(List.of("ANY"), destinationGroups);
+ }
 }
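Review bot: Neither new test covers a traffic type that is neither ingress nor egress, nor a rule whose `getTrafficType()` returns null, which are exactly the inputs on which `getGroupsForTraffic` either falls through to the branch not shown in this diff or throws; a third test pinning that case would make the contract explicit rather than leaving it to the mock's happy path. The two tests are identical apart from the traffic-type string and which side gets the segment group, so they could share a small helper such as `assertGroups("Ingress", List.of("ANY"), segmentGroup)`, which would also make the third case one line. Both tests rely on `client` and `NsxApiClient.GROUPS_PATH_PREFIX` being set up outside this hunk.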