A security group is a logical container that assembles guests across multiple ESXi hosts in the cluster. When you create a dynamic address group that meets the right criteria and commit your changes, a corresponding security group is created on the NSX Manager. Creating security groups is required to manage and secure the guests; to understand how security groups enable policy enforcement, see Policy Enforcement using Dynamic Address Groups.
Configure a dynamic address group for each security group required for your deployment.
Shared dynamic address groups are not supported on the VM-Series for VMware NSX.
Select Objects > Address Groups.
Verify that you are configuring the dynamic address groups in a device group associated with an NSX service definition.
Click Add and enter a Name and Description for the address group.
Select Type as Dynamic.
Define the match criteria.
For the dynamic address group to become a security group in NSX Manager, the match criteria string must be enclosed in single quotes with the prefix _nsx_ followed by the exact name of the Address Group. For example, '_nsx_PAN_APP_NSX'.
Repeat this process for each security group you require.
Verify that the corresponding security groups are created on the NSX Manager.
Select Network and Security > Service Composer > Security Groups.
Verify that your dynamic address groups appear as security groups on the Security Groups list. Each security group is prefixed with your service definition followed by an underscore and the dynamic address group name.
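The naming rules in the procedure above can be checked before and after the commit. The following is an added example, not code from the original page or from the vendor: it lints each match criteria string against the '_nsx_' convention and derives the security group name to look for on the NSX Manager list. The function names, the sample groups and the service definition name SD1 are hypothetical, and rejecting typographic quotes is an assumption about how the single-quote rule applies.

```python
# Added example: lint dynamic address group match criteria before commit.
PREFIX = "_nsx_"
TYPOGRAPHIC = "\u2018\u2019\u201c\u201d"  # curly quotes pasted from documents

def check_match_criteria(group_name, criteria):
    """Return a list of problems; an empty list means the criteria conform."""
    expected = f"'{PREFIX}{group_name}'"
    if criteria == expected:
        return []
    problems = []
    stripped = criteria.strip()
    if stripped != criteria:
        problems.append("leading or trailing whitespace")
    if any(q in stripped for q in TYPOGRAPHIC):
        # Assumption: only ASCII single quotes satisfy the rule.
        problems.append("typographic quotes; use ASCII single quotes")
    elif not (len(stripped) >= 2 and stripped[0] == stripped[-1] == "'"):
        problems.append("not enclosed in single quotes")
    inner = stripped.strip("'\"" + TYPOGRAPHIC)
    if not inner.startswith(PREFIX):
        problems.append("missing _nsx_ prefix")
    elif inner[len(PREFIX):] != group_name:
        problems.append(f"name after prefix is {inner[len(PREFIX):]!r}, expected {group_name!r}")
    return problems or [f"does not equal {expected}"]

def expected_security_group(service_definition, group_name):
    """Name to look for on the NSX Manager Security Groups list."""
    return f"{service_definition}_{group_name}"

def audit(service_definition, address_groups, nsx_security_groups):
    """Return {address group name: [problems]} for groups that need attention."""
    report = {}
    for name, criteria in address_groups.items():
        problems = check_match_criteria(name, criteria)
        wanted = expected_security_group(service_definition, name)
        if wanted not in nsx_security_groups:
            problems.append(f"security group {wanted!r} not on the NSX Manager list")
        if problems:
            report[name] = problems
    return report

# Constructed sample data; SD1 is a hypothetical service definition name.
ADDRESS_GROUPS = {
    "PAN_APP_NSX": "'_nsx_PAN_APP_NSX'",
    "PAN_WEB_NSX": "\u2018_nsx_PAN_WEB_NSX\u2019",  # curly quotes
    "PAN_DB_NSX": "'_nsx_PAN_DB'",                  # name mismatch
}
NSX_SECURITY_GROUPS = {"SD1_PAN_APP_NSX"}

if __name__ == "__main__":
    for name, problems in audit("SD1", ADDRESS_GROUPS, NSX_SECURITY_GROUPS).items():
        print(name, "->", "; ".join(problems))
```

A guest whose address group never becomes a security group is not covered by the policy built on that group, so an empty report is the condition to confirm before relying on the rules.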