Hello,
after a DDOS attack I have enabled the SYN Flood Protection on all my NSX Edges but suddenly I found out that the rule:

Source: Any - Destination: VSE - Action: Deny

was bypassed for SSH protocol and the port was reachable from extenal network and so from Internet.

If I disable the SYN Flood Protection that rule starts working again.

Any solution?

Thank you