diff --git a/vmware_nsx/plugins/nsx_v/plugin.py b/vmware_nsx/plugins/nsx_v/plugin.py
index 50912927c5..984ca9e725 100644
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@@ -4235,7 +4235,8 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
             services=services,
             flags=flags,
             action=action,
-            logged=logged)
+            logged=logged,
+            tag='Project_%s' % rule['tenant_id'])
         return nsx_rule
 
     def create_security_group_rule(self, context, security_group_rule):
diff --git a/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py b/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py
index 894251fbd0..5d7c9e183a 100644
--- a/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py
+++ b/vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py
@@ -60,7 +60,7 @@ class NsxSecurityGroupUtils(object):
     def get_rule_config(self, applied_to_ids, name, action='allow',
                         applied_to='SecurityGroup',
                         source=None, destination=None, services=None,
-                        flags=None, logged=False):
+                        flags=None, logged=False, tag=None):
         """Helper method to create a nsx rule dict."""
         ruleTag = et.Element('rule')
         ruleTag.attrib['logged'] = 'true' if logged else 'false'
@@ -123,6 +123,9 @@ class NsxSecurityGroupUtils(object):
             if flags.get('direction') is not None:
                 dirTag = et.SubElement(ruleTag, 'direction')
                 dirTag.text = flags.get('direction')
+        if tag:
+            tagTag = et.SubElement(ruleTag, 'tag')
+            tagTag.text = tag
         return ruleTag
 
     def get_rule_id_pair_from_section(self, resp):
diff --git a/vmware_nsx/tests/unit/extensions/test_secgroup_rule_local_ip_prefix.py b/vmware_nsx/tests/unit/extensions/test_secgroup_rule_local_ip_prefix.py
index 5d24109977..d2b587bac3 100644
--- a/vmware_nsx/tests/unit/extensions/test_secgroup_rule_local_ip_prefix.py
+++ b/vmware_nsx/tests/unit/extensions/test_secgroup_rule_local_ip_prefix.py
@@ -110,7 +110,7 @@ class TestNsxVExtendedSGRule(test_nsxv_plugin.NsxVSecurityGroupsTestCase,
         plugin.nsx_sg_utils.get_rule_config.assert_called_with(
             source=mock.ANY, destination=dest, services=mock.ANY,
             name=mock.ANY, applied_to_ids=mock.ANY, flags=mock.ANY,
-            logged=mock.ANY, action=mock.ANY)
+            logged=mock.ANY, action=mock.ANY, tag=mock.ANY)
 
 
 class TestNSXv3ExtendedSGRule(test_nsxv3_plugin.NsxV3PluginTestCaseMixin,