Dear Team,

The dfw rules in VCF3 that use dynamic security groups (based on Tags) will cease to work when either  the source or destination group is migrated to VCF4. From initial assessment it seems we will need to create an  IPset for each DSG and edit rules where DSGs are specified to use IPsets instead to enable migration. This process was completed for VCF4 as part of the NSX Migration but without the same change in VCF3 we will have non-functioning firewall rules during the migration period. Could someone please comment and advise?

Thank you in advance