VMware Networking Community
yraps
Contributor

Dynamic and Static policy rules

Can I create a policy rule with a combination of dynamic source and static destination? E.g. SRC=VM Name and DST=IP Addr

bayupw
Leadership

Yes, below is a screenshot of the rule using the Service Composer.

pastedImage_0.png

You would need a Security Group with dynamic membership of VM name, e.g. SG_VMName; then the static IP address would also need to be a Security Group (when using Service Composer) with static membership of an IP Sets object, e.g. SG_IPSet1.

The Security Policy, for example, can be from Policy SG to SG_IPSet1; then apply that policy to SG_VMName.

pastedImage_1.png

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
Mparayil
Enthusiast

Hello!

As Bayu Wibowo said, you can implement the source as a dynamic Security Group and the destination as static IP Sets, using Service Composer or manually as well.

Create security group one with a dynamic expression (vm_name, Guest_OS, Tag, etc.).

Optional: a Security Group for the IP Sets / an IP Set without a Security Group.

Once this is configured, go to the DFW tab and create the rule manually.

bayupw
Leadership

Yep, just want to add that you can just use the IP Sets object when using the Firewall menu, but when using Service Composer you would need a Security Group to wrap the IP Sets object.

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
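
The manual (Firewall menu) variant described in the replies above, sketched with PowerNSX as an added example that is not part of the original thread or any poster's code. It assumes NSX for vSphere with an existing `Connect-NsxServer` session; the object names, the `web` name match, the HTTPS service and the address 192.0.2.10 are constructed placeholders.

```powershell
# Added example; all names and the IP address below are constructed placeholders.
# Assumes PowerNSX is loaded and Connect-NsxServer has already been run.

# Source: Security Group whose membership follows the VM name (dynamic).
$srcSg = New-NsxSecurityGroup -Name 'SG_VMName' -Description 'VMs whose name contains web'
$crit  = New-NsxDynamicCriteriaSpec -Key VmName -Condition contains -Value 'web'
$srcSg | Add-NsxDynamicMemberSet -SetOperator OR -CriteriaOperator ANY -DynamicCriteriaSpec $crit | Out-Null

# Destination: static IP Set. The wrapping Security Group is only needed
# when the rule is built as a Service Composer policy.
$dstIp = New-NsxIpSet -Name 'IPSet1' -IPAddress '192.0.2.10'
$dstSg = New-NsxSecurityGroup -Name 'SG_IPSet1' -IncludeMember $dstIp

# Limit the rule to one service instead of leaving it as "any".
$svc = Get-NsxService -Name 'HTTPS' | Select-Object -First 1

# Firewall menu path: the IP Set is used directly as the destination,
# and the rule is applied only to the dynamic source group.
New-NsxFirewallSection -Name 'Dynamic-to-Static' | Out-Null
Get-NsxFirewallSection -Name 'Dynamic-to-Static' |
    New-NsxFirewallRule -Name 'web-to-static-ip' `
        -Source $srcSg -Destination $dstIp -Service $svc `
        -Action allow -AppliedTo $srcSg -EnableLogging
```

Because membership of `SG_VMName` is derived from the VM name, anyone who can name or rename a VM can place it in scope of this rule, so keep the match expression as narrow as the naming scheme allows.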