Automatically Applying Policy Rules to VMs in Policy Groups

vGW Series allows you to create Static Groups or Smart Groups that are defined as Policy Groups and then associate policy rules with them. If you select the Automatic option for the group when you configure it, when a VM joins the group, the policy rules associated with the group are automatically applied to the VM.

Configuring a group as a Policy Group whose rules are applied automatically to its VM members entails:

When you add a VM to a Smart Group or a Static Group or a VM matches a Smart Group attribute and enters the group because of the match, the VM gets the policy rules associated with the group if the following conditions are met:

After you create a policy group, it is added to the Firewall > Apply Policy table, ready to be applied to the group. The policy group must be applied once before it can be used for auto-push. Note that auto push will apply the policy to a VM automatically only when the VM enters or exits the group based on matching.

This example shows how to create a group that automatically pushes its policy to VMs that belong to the group or join it dynamically. It creates a Smart Group called HighPriorResGrp, and it configures it as a Policy Group with the Automatic option selected.

  1. On the Settings > Security Settings > Groups page, configure a Smart group called HighPriorResGrp that watches for any VMs connected to a particular VMware resource pool (called high-prior-res) obtained through vi.resourcepool.

    Smart Groups specify attributes that a VM must match to join the group. For details on Smart Groups, see Understanding vGW Series Smart Groups.

    When a VM joins the Policy Group, the group’s rules are instantly installed on that VM without requiring any intervention on your part. Figure 144 shows the Smart Group configuration. Notice that Policy Group and Automatic are selected for the Group Attributes.

    Figure 144: Configuring a Smart Group As a Policy Group

    Configuring a Smart Group As a Policy
Group
  2. Configure policy rules for the HighPriorityResGrp Smart Group.

    When you create a group and define it as a Policy Group, vGW Series places it in under Policy Groups in the VM Tree. You can click on the group name to display the Firewall > Manage Policy tab that allows you to configure group rules. See Figure 145.

    Figure 145: Configuring Policy Rules for a Smart Group with Policy Group Enabled

    Configuring Policy Rules for a
Smart Group with Policy Group Enabled

Related Documentation