Set Up Dynamic Address Groups on Panorama

A security group is a logical container that assembles guests across multiple ESXi hosts in the cluster. When you create a dynamic address group that meets the right criteria and commit your changes, a corresponding security group is created on the NSX-V Manager. Creating security groups are required to manage and secure the guests; to understand how security groups enable policy enforcement, see Policy Enforcement using Dynamic Address Groups.
  1. Configure a dynamic address group for each security group required for your deployment.
    Shared dynamic address groups are not supported on the VM-Series for VMware NSX-V.
    1. Select
      Objects
      Address Groups
      .
    2. Verify that you are configuring the dynamic address groups in a device group associated with an NSX-V service definition.
    3. Click
      Add
      and enter a
      Name
      and
      Description
      for the address group.
    4. Select
      Type
      as
      Dynamic
      .
    5. Define the match criteria.
      For the dynamic address group to become a security group in NSX-V Manager, the match criteria string must be enclosed in single quotes with the prefix _nsx_ followed by the exact name of the Address Group. For example,
      ‘_nsx_PAN_APP_NSX’
      .
    6. Repeat this process for each security group you require.
      nsx_plugin_DAG.png
      nsx_plugin_DAG_list.png
  2. Verify that the corresponding security groups are created on the NSX-V Manager.
    1. Select
      Network and Security
      Service Composer
      Security Groups
      .
    2. Verify that your dynamic address groups appear as security groups on the Security Groups list. Each security group is prefixed with your service definition followed by an underscore and the dynamic address group name.
      nsx_plugin_security_groups.png

Related Documentation