I just create a Lab try to kill the NSX access and have the INFINITE loop now.
I just assigned the NSX managed to a Distribution group and port Group what were the NSX managed
Then created a DFW rule to block Any source to access the NSX manager IP address.
It works and I am no longer accessing the NSX manager now.
How can we get back to the NSX now?
I suggest moving NSX-T Manager appliances to a VDS/VSS which is not managed by NSX. That way the rules should not apply any more. You may also move a client to that same switch. I am not aware of any way to log on to the console of the appliances to fix this, but would like to know if it is possible.