Example methods are provided for a network management entity to perform firewall rule creation in a virtualized computing environment. The method may comprise obtaining flow data associated with an application-layer protocol session between a first endpoint and a second endpoint in the virtualized computing environment; and identifying, from the flow data, an association between a control flow and at least one data flow of the application-layer protocol session. The method may also comprise: based on the association, creating a firewall rule that is applicable to both the control flow and at least one data flow; and instructing a first firewall engine associated with the first endpoint, or a second firewall engine associated with the second endpoint, or both, to apply the firewall rule during the application-layer protocol session.