Create Dynamic Address Groups

A security group is a logical container that assembles guests across multiple ESXi hosts in the cluster. When you create a dynamic address group that meets the right criteria and commit your changes, a corresponding security group is created on the NSX-T Manager. Creating security groups is required to manage and secure the guests; to understand how security groups enable policy enforcement, see Policy Enforcement Using Dynamic Address Groups.
For a dynamic address group to become a security group on NSX-T, you must add match criteria in the dynamic address group in the following format:
. The dynamic address name added in the match criteria must match the dynamic address group name exactly. For example, a dynamic address group called
must include match criteria
. Additionally, you must include the dynamic address group in a device group in a service definition, which is part of a service manager, and committed.
Each security group created from a dynamic address group is in the following format:
. For example,
Each dynamic address group you create must have a unique name across each device group configured on your Panorama.
  1. Configure a dynamic address group for each security group required for your deployment.
    1. Select
      Address Groups
    2. Verify that you are configuring the dynamic address groups in a device group associated with an NSX-T service definition.
    3. Click
      and enter a
      for the address group.
    4. Select
    5. Define the match criteria.
      For the dynamic address group to become a security group in NSX-T Manager, the match criteria string must be enclosed in single quotes with the prefix _nsxt_ followed by the exact name of the Address Group. For example,
    6. Repeat this process for each security group you require.
  2. Commit
    your changes.

Recommended For You