I was playing with settings in NSX Manager trough vCenter and successfully locked a whole infrastructure. I have 10 VMs including Active Directory Domain Controller, vCenter, NSX controller, NSX Manager on a single host. All the VMs are connected to vDS. The last thing I did was going into Firewall menu (between NSX Edges and SpoofGuard on the left pane), Ethernet button and then enabling a rule inside it.
As a result I have no connection to VMs from outside, all the VMs don't see each other from inside. I only have access to the host's management kernel adapter/port and vDS (vSwitch) adapter/port. Also I can ping NSX Manager.
By using vShpere Client and connecting to the host, I can open a console of NSX Manager and ping NSX Controller. So NSX Manager has connectivity with the controller and the host. And how to disable firewall? NSX commands are useless, they are only "show" commands, I cannot control anything with NSX CLI.