LAB NSX Dynamic Security Group Configuration

Posted on Jan 17, 2020

NSX Dynamic Security Group Configuration

Task:

  • Create a Dynamic Security Group named DCLessons-DY-Web-SG whose match condition is based on Platform VMware: any VM whose name starts with Web comes under this Security Group.
  • Now restrict web-01a from talking to web-02a by creating a Security Policy and applying it to the above Security Group.


Click the Service Composer on the left panel

  1. Ensure Security Groups tab is selected
  2. Select +ADD to create new Security Group
  3. Enter "Dclessons-DY-Web-SG" as the Security Group name in the Name dialog box
  4. Click Next

Open the Object Drop Down box

  1. Select VM Name from the first Criteria Details drop down list
  2. Verify Contains is selected in the middle drop down of the page
  3. Enter web in the dialog box
  4. Click Finish

Validate Dynamic Security Group Membership

  1. Select Groups and Tags
  2. Notice newly created Security Group with NO Static Members
  3. Dynamic Security group has been defined with criteria
  4. Double click on "1 Criteria" to see the logic for this dynamic security group

Create a New Security Policy

  1. Select Service Composer
  2. Select the Security Policies tab in the Service Composer panel
  3. Click +ADD to create Security Policy
  4. Type in "Block Web-to-Web Traffic" in the Name field
  5. Click Firewall Rules in the left panel
  6. Click the +ADD icon to add a New Firewall Rule

Type in "Block Web-to-Web Traffic" in the Name field

  1. Select Block from the Action list
  2. For the Destination field, change Any to Policy's Security Groups
  3. Services select Any
  4. Select State - Enabled
  5. Log - No
  6. Select OK for New Firewall Rule
  7. Click Finish

We are going to apply this Security Policy to the Policy's Security Group, which is now defined as the Source and Destination for our Firewall rule.

Apply the Security Policy to a Security Group

Highlight the Block Web-to-Web Traffic security policy

  1. Click the Apply Security Policy icon
  2. Select the Dclessons-DY-Web-SG
  3. Select Arrow to move over to Selected Objects
  4. Click APPLY

The Firewall view verifies that our rules have successfully synced with the Firewall rules in NSX and are being correctly applied to the Security Groups:

  1. Click on Firewall
  2. Expand the firewall section "Block Web-to-Web Traffic" and verify the rule creation

Test Web VM to Web VM connectivity using PuTTY
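
The task above asks for VMs whose name starts with Web, while the criterion configured in the lab is VM Name Contains web. The following added example (not part of the original lab and not NSX code) models the dynamic membership and the resulting block rule offline, so the group's scope can be reviewed before connectivity is tested. The inventory is constructed sample data, the function names are hypothetical, and case-insensitive matching is an assumption of this model.

```python
# Constructed inventory: sample VM names, not read from a real NSX Manager.
INVENTORY = ["web-01a", "web-02a", "Web-03a", "app-01a", "db-01a", "db-webhook-01"]


def matches(name, operator, value):
    """Evaluate one VM Name criterion (case-insensitive: an assumption)."""
    n, v = name.lower(), value.lower()
    if operator == "contains":
        return v in n
    if operator == "starts_with":
        return n.startswith(v)
    raise ValueError(f"unsupported operator: {operator}")


def dynamic_members(inventory, operator, value):
    """Return the VMs a dynamic Security Group would contain."""
    return sorted(vm for vm in inventory if matches(vm, operator, value))


def blocked_pairs(members):
    """Expand Source = Destination = Policy's Security Groups, Action = Block."""
    return {(s, d) for s in members for d in members if s != d}


def is_blocked(src, dst, members):
    """True if the modelled rule drops traffic from src to dst."""
    return (src, dst) in blocked_pairs(members)


def scope_drift(inventory, value):
    """VMs that 'contains' pulls in but a 'starts with' intent would not."""
    broad = set(dynamic_members(inventory, "contains", value))
    narrow = set(dynamic_members(inventory, "starts_with", value))
    return sorted(broad - narrow)


if __name__ == "__main__":
    group = dynamic_members(INVENTORY, "contains", "web")
    print("Members of the dynamic group:", group)
    print("web-01a -> web-02a blocked:", is_blocked("web-01a", "web-02a", group))
    print("app-01a -> web-01a blocked:", is_blocked("app-01a", "web-01a", group))
    print("Matched only because of 'contains':", scope_drift(INVENTORY, "web"))
```

Any VM reported by scope_drift would also be isolated from the web tier by the block rule, which is worth confirming against the "1 Criteria" view before the policy is applied.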