Can I create policy role with a combination of dynamic source and static destination? E.g. SRC=VM Name and DST=IP Addr
Yes below is a screenshot for the rule using the Service Composer
You would need a Security Group with dynamic membership of VM name e.g. SG_VMName,
then the static IP Address would also need to be a Security Group (when using Service Composer) with static membership of an IP Sets e.g. SG_IPSet1
The Security Policy for example can be from Policy SG to SG_IPSet1 then apply that policy to SG_VMName
Hello !
As said by Bayu Wibowo, you can implement the Source as Dynamic security group and destination as Static-IPsets using Service composer or Manually as well.
create security group one with Dynamic Expression (vm_name, Guest_OS,Tag) etc..
Optional : Security group for IPsets / IPset without an Security group
Once this is configured
Go to DFW tab and create the rule manually
Yep, just want to add that you can just use IP Sets object when using Firewall Menu but when using Service Composer you would need Security Group to wrap the IP Sets object