Understanding vGW Series Groups

The Settings module Security Settings > Groups page lets you define groups that can contain VMs and resources. You can automate many security tasks by putting in place the proper group structure.

This topic includes the following sections:

Uses of Groups

Groups serve many purposes. For example, you might want to use a group for the following reasons:

vGW Series Group Types

vGW Series supports the following two group types:

When the VM enters the group, the group’s policy is applied to it. When it leaves the group, the group’s policy is removed from it.

Policy Groups and Monitoring Groups

You can select the Policy Group option when you define a group to control policy association. When you select the Policy Group option, the group shows up in the Policy Groups area of the VM tree.

Groups that do not have a policy associated with them appear by default in the Monitoring Groups section of the VM tree.

The VM tree contains:

Defining the Group as a Policy Group Option with Automatic or Manual Selected

You can select the Policy Group option when you define a group to control policy association. When you select the Policy Group option, the group shows up in the Policy Groups area of the VM tree. Groups that do not have a policy associated with them appear in the Monitoring Groups section of the VM tree.

To define a policy for the group, you use the Firewall module, select the group in the VM tree, and configure its policy rules. To install the policy, you use the Firewall Module > Apply Policy page.

Among the information that you configure for a group that you define as a Policy Group is how the policy is applied:

When you add a VM to a Smart Group or a Static Group, or a VM matches a Smart Group attribute and enters the group because of the match, the VM gets the policy rules associated with the group if the following conditions are met:

Automatically Applying Policy Rules to VMs in Policy Groups gives details on defining Smart Groups and Static Groups as Policy Groups with the Automatic Option to automatically “push” policies to VM members of a group.

Although a VM that enters a group–either because you added it or dynamically because it matched a Smart Group variable–gets the group’s policy, this will not start to occur until after the first use.

Also, if changes are made with the vGW Series Cloud SDK, you must apply them either using the vGW Security Design VM Firewall module > Apply Policy page or using the relevant function. They do not take effect simply because the vGW Security Design VM is changed.

Copying Groups

You can use the Group page to duplicate groups.

To copy groups:

  1. From the Settings module on the vGW Security Design VM, select the Security Settings > Global.
  2. In the Groups table, click the name of the group that you want to copy.
  3. Click Copy Group. A dialog box appears.
  4. Give the new group a name.
  5. If the group that you are copying is a policy group, click Keep Policy if you want the original group’s policy to be associated with the new group.
  6. For a Smart Group, you can:
    • Click Duplicate Smart Group logic to duplicate the rule set on the copy.
    • Click Convert VM membership to static group to create a static group that contains the members of the copied Smart Group.
  7. Click Save.

    The new group is added to the Groups table.

Note: A new group created as a copy inherits the auto push property of the original. However, because it is effectively a new group, it must be manually pushed initially.

Related Documentation