LAB NSX Dynamic Security Group Configuration

NSX Dynamic Security Group Configuration

Task :

• Create a Dynamic Security Group named DCLessons-DY-Web-SG and match the condition definition based on Platform VMware , VM which has name starting Web , comes under this Security Group.
• Now restrict the web-01a to talk to wab-02a by creating Security policy and by Appling it to above Security Policy Group.

Solution:

Click the Service Composer on the left panel

1. Ensure Security Groups tab is selected
2. Select +ADD to create new Security Group
3. Enter "Dclessons-DYWeb-SG “ Security Group in the Name dialog box
4. Click Next

Open the Object Drop Down box

1. Select VM Name from the first Criteria Details drop down list
2. Verify Contains is selected in the middle drop down of the page
3. Enter web in the dialog box
4. Click Finish

Validate Dynamic Security Group Membership

1. Select Groups and Tags
2. Notice newly created Security Group with NO Static Members
3. Dynamic Security group has been defined with criteria
4. Double click on "1 Criteria" to see the logic for this dynamic security group

Create a New Security Policy

1. Select Service Composer
2. Select the Security Policies tab in the Service Composer panel
3. Click +ADD to create Security Policy
4. Type in "Block Web-to-Web Traffic" in the Name field
5. Click Firewall Rules in the left panel
6. Click the +ADD icon to add a New Firewall Rule