diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index 8ca9da4a91..d226258e64 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -4573,11 +4573,11 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                     context.session, remote_group_id)
             ruleid_2_remote_nsgroup_map[sg_rule['id']] = remote_nsgroup_id
             # 0.0.0.0/0 is not a valid entry for local and remote so we need
-            # to change this to 'ANY'
+            # to change this to None
             if sg_rule.get('remote_ip_prefix') == '0.0.0.0/0':
-                sg_rule['remote_ip_prefix'] = 'ANY'
+                sg_rule['remote_ip_prefix'] = None
             if sg_rule.get('local_ip_prefix') == '0.0.0.0/0':
-                sg_rule['local_ip_prefix'] = 'ANY'
+                sg_rule['local_ip_prefix'] = None
 
         return self.nsxlib.firewall_section.create_rules(
             context, section_id, nsgroup_id,
diff --git a/vmware_nsx/tests/unit/extensions/test_secgroup_rule_local_ip_prefix.py b/vmware_nsx/tests/unit/extensions/test_secgroup_rule_local_ip_prefix.py
index 815691b47e..b883daf806 100644
--- a/vmware_nsx/tests/unit/extensions/test_secgroup_rule_local_ip_prefix.py
+++ b/vmware_nsx/tests/unit/extensions/test_secgroup_rule_local_ip_prefix.py
@@ -164,10 +164,12 @@ class TestNSXv3ExtendedSGRule(test_nsxv3_plugin.NsxV3PluginTestCaseMixin,
              'port_range_min': None,
              'local_ip_prefix': None,
              'ethertype': 'IPv4',
-             'protocol': u'udp', 'remote_ip_prefix': 'ANY',
+             'protocol': u'udp',
+             'remote_ip_prefix': None,
              'port_range_max': None,
              'security_group_id': mock.ANY,
-             'remote_group_id': None, 'direction': u'ingress',
+             'remote_group_id': None,
+             'direction': u'ingress',
              'description': ''}]
 
         with mock.patch(