diff --git a/vmware_nsx/common/config.py b/vmware_nsx/common/config.py
index 3a8631e258..ad68e83379 100644
--- a/vmware_nsx/common/config.py
+++ b/vmware_nsx/common/config.py
@@ -530,11 +530,6 @@ nsx_p_opts = nsx_v3_and_p + [
     cfg.StrOpt('waf_profile',
                help=_("(Optional) Name or UUID of the default WAF profile to "
                       "be attached to L7 loadbalancer listeners")),
-    cfg.BoolOpt('waf_protect',
-                default=False,
-                help=_("If True and waf_profile is set, it will be used with "
-                       "protection mode. If False - it will be used only for "
-                       "detection")),
     cfg.BoolOpt('allow_passthrough',
                 default=True,
                 help=_("If True, use nsx manager api for cases which are not "
diff --git a/vmware_nsx/plugins/nsx_p/plugin.py b/vmware_nsx/plugins/nsx_p/plugin.py
index 5a5da9075e..5aba441d20 100644
--- a/vmware_nsx/plugins/nsx_p/plugin.py
+++ b/vmware_nsx/plugins/nsx_p/plugin.py
@@ -274,10 +274,8 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
             az.translate_configured_names_to_uuids(
                 self.nsxpolicy, nsxlib=self.nsxlib, search_scope=search_scope)
 
-        self._waf_profile_uuid = self._init_backend_resource(
-            self.nsxpolicy.waf_profile,
-            cfg.CONF.nsx_p.waf_profile,
-            search_scope=search_scope)
+        # WAF is currently not supported by the NSX
+        self._waf_profile_uuid = None
 
         # create or override ipv6 RA service
         unicast_ra = self.nsxpolicy.icmp_service.build_entry(
@@ -325,14 +323,8 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
         raise nsx_exc.NsxPluginException(err_msg=msg)
 
     def get_waf_profile_path_and_mode(self):
-        if not self._waf_profile_uuid:
-            return None, None
-        path = self.nsxpolicy.waf_profile.get_path(
-            profile_id=self._waf_profile_uuid)
-        mode = (policy_constants.WAF_OPERATIONAL_MODE_PROTECTION
-                if cfg.CONF.nsx_p.waf_protect
-                else policy_constants.WAF_OPERATIONAL_MODE_DETECTION)
-        return path, mode
+        # WAF is currently not supported by the NSX
+        return None, None
 
     def _init_dhcp_metadata(self):
         if (cfg.CONF.dhcp_agent_notification and
diff --git a/vmware_nsx/tests/unit/nsx_p/test_plugin.py b/vmware_nsx/tests/unit/nsx_p/test_plugin.py
index b831c1b1b4..04a87535db 100644
--- a/vmware_nsx/tests/unit/nsx_p/test_plugin.py
+++ b/vmware_nsx/tests/unit/nsx_p/test_plugin.py
@@ -67,7 +67,6 @@ DEFAULT_TIER0_ROUTER_UUID = "efad0078-9204-4b46-a2d8-d4dd31ed448f"
 NSX_DHCP_PROFILE_ID = 'DHCP_PROFILE'
 NSX_MD_PROXY_ID = 'MD_PROXY'
 LOGICAL_SWITCH_ID = '00000000-1111-2222-3333-444444444444'
-WAF_PROFILE_ID = 'WAF'
 
 
 def _return_id_key(*args, **kwargs):
@@ -189,7 +188,6 @@ class NsxPPluginTestCaseMixin(
         cfg.CONF.set_override('default_vlan_tz', NSX_VLAN_TZ_NAME, 'nsx_p')
         cfg.CONF.set_override('dhcp_profile', NSX_DHCP_PROFILE_ID, 'nsx_p')
         cfg.CONF.set_override('metadata_proxy', NSX_MD_PROXY_ID, 'nsx_p')
-        cfg.CONF.set_override('waf_profile', WAF_PROFILE_ID, 'nsx_p')
         cfg.CONF.set_override('dhcp_agent_notification', False)
 
     def _create_network(self, fmt, name, admin_state_up,