Set Up Security Groups on the NSX Manager

A security group is a logical container that assembles guests across multiple ESXi hosts in the cluster. Creating security groups makes it easier to manage and secure the guests; to understand how security groups enable policy enforcement, see Policy Enforcement using Dynamic Address Groups.
  1. Log in to the vSphere user interface.
  2. Select Networking and SecurityService ComposerSecurity Groups, and add a New Security Group.
  3. Add a Name and Description. This name will display in the match criteria list when defining dynamic address groups on Panorama.
  4. Select the guests that constitute the security group. You can either add members dynamically or statically. You can Define Dynamic Membership by matching on security tags (recommended), or statically Select the Objects to Include. In the following screenshot, the guests that belong to the security group are selected using the Objects Type: Virtual Machine option.
    nsx_pan-firewall_service_group_servers.png
  5. Review the details and click OK to create the security group.

Related Documentation