3 Replies Latest reply on Dec 2, 2017 11:54 AM by Bayu Wibowo

    Dynamic and Static policy rules

    yraps Lurker

      Can I create a policy rule with a combination of dynamic source and static destination? E.g. SRC=VM Name and DST=IP Addr

        • 1. Re: Dynamic and Static policy rules
          Bayu Wibowo Master

          Yes, below is a screenshot of the rule using Service Composer.

          You would need a Security Group with dynamic membership of VM name, e.g. SG_VMName.

          The static IP address would then also need to be a Security Group (when using Service Composer) with static membership of an IP Sets object, e.g. SG_IPSet1.

          The Security Policy, for example, can be from Policy SG to SG_IPSet1; then apply that policy to SG_VMName.

          Bayu Wibowo | vExpert NSX, VCIX6-DCV/NV
          https://nz.linkedin.com/in/bayupw | twitter @bayupw
          • 2. Re: Dynamic and Static policy rules
            Mparayil Enthusiast

            Hello!

            As said by Bayu Wibowo, you can implement the source as a dynamic Security Group and the destination as static IP Sets using Service Composer, or manually as well.

            Create security group one with a Dynamic Expression (vm_name, Guest_OS, Tag, etc.).

            Optional: Security Group for IP Sets / IP Set without a Security Group

            Once this is configured, go to the DFW tab and create the rule manually.

            • 3. Re: Dynamic and Static policy rules
              Bayu Wibowo Master

              Yep, just want to add that you can just use an IP Sets object when using the Firewall menu, but when using Service Composer you would need a Security Group to wrap the IP Sets object.

              Bayu Wibowo | vExpert NSX, VCIX6-DCV/NV
              https://nz.linkedin.com/in/bayupw | twitter @bayupw