Configure NSX object groups

Create groups to simplify rules management

Last updated 24th November 2021

Objective

An object, in the Network Security world, is a singular item that can be assigned rules.
Examples: IP address, machine name, service, network port, MAC address...

Leveraging object groups limits the number of necessary rules and simplifies management.

This guide explains how to create/manage groups.

Requirements

Instructions

Interface access

In the vSphere interface menu, go to the Networking and Security dashboard.

On the left side, navigate to the Groups and Tags section.

The section shows 7 types of grouping methods:

  • Security Tags
  • IP Pools
  • Service Groups
  • Services
  • MAC Sets
  • IP Sets
  • Security Groups

Security Tags

Tags are metadata added to VMs to flag and sort them easily.

To create one, in the Security Tags tab, click on + Add.

The tag itself is just a keyword so you can use any name for it.

Once created, select it in the list and click + Assign VM.

Choose the VM(s) you want to assign the tag to and use the arrows to put them in the "Selected Objects" section.

Click OK when done.

Your Security Tag is done and assigned to VM(s).

IP Pools

IP Pools are ranges of IPs.

To create one, in the IP Pools tab, click on + Add.

A pool needs a Name, a Gateway and a prefix length to be usable. The DNS information is optional.

IPs need to be added as a range (xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx).

Click Add when done.

Your IP Pool is now set up and available.

Service Groups

Service Groups are collections of existing Services and/or Service Groups.

To create one, in the Service Groups tab, click on + Add.

Your group will need a name and objects added. The available objects will be of two types:

  • Service Groups
  • Services

You can highlight various items of either type and drop them in the "Selected Objects" section.

Click Add when done.

Your Service Group is now set up and available.

Services

Services are applications running at the network layer and above. They typically are linked to network ports and protocols for communications.

To create one, in the Service tab, click on + Add.

Most of the commonly used services are already listed, but you can define new ones to allow, to be more granular, or to create specific port collections.

Click Add when done.

Your Service is now set up and available.

MAC Sets

MAC Sets are collections of MAC addresses (a MAC is a physical address of a network component).

To create one, in the MAC Sets tab, click on + Add.

Name your set then add the physical addresses as needed.

Click Add when done.

Your MAC Set is now set up and available.

IP Sets

IP Sets are collections of IP addresses.

To create one, in the IP Sets tab, click on + Add.

Name your set then add the addresses as needed. IPs can be added as single (xxx.xxx.xxx.xxx), range (xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx) or CIDR (xxx.xxx.xxx.x/xx).

Click Add when done.

Your IP Set is now set up and available.
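
The three entry formats accepted above (single address, range, CIDR) can be checked offline before they are typed into the dialog. The following is an added example, not OVHcloud or VMware code: the function names are hypothetical, the sample addresses are constructed from documentation ranges, and rejecting a CIDR with host bits set is a choice of this example rather than documented NSX behaviour.

```python
import ipaddress

# Constructed sample entries (RFC 5737 documentation ranges), not from the guide.
SAMPLE_ENTRIES = [
    "192.0.2.10",                 # single address
    "192.0.2.20-192.0.2.23",      # range
    "198.51.100.0/24",            # CIDR
    "192.0.2.30-192.0.2.5",       # reversed range
    "203.0.113.7/24",             # CIDR with host bits set
    "192.0.2.300",                # invalid octet
]


def parse_entry(entry):
    """Return the IPv4 networks covered by one entry (single, range or CIDR)."""
    entry = entry.strip()
    if "-" in entry:
        start, end = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if start > end:
            raise ValueError(f"range start is after range end: {entry}")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=True rejects CIDRs with host bits set; that strictness is a choice
    # of this example, not documented NSX behaviour.
    return [ipaddress.IPv4Network(entry, strict=True)]


def parse_ip_set(entries):
    """Return (collapsed networks, [(bad entry, reason), ...])."""
    networks, errors = [], []
    for entry in entries:
        try:
            networks.extend(parse_entry(entry))
        except ValueError as exc:
            errors.append((entry, str(exc)))
    return list(ipaddress.collapse_addresses(networks)), errors


def contains(networks, address):
    """True if the address falls inside any network of the parsed set."""
    ip = ipaddress.IPv4Address(address)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    nets, errs = parse_ip_set(SAMPLE_ENTRIES)
    print("covered:", [str(n) for n in nets])
    for entry, reason in errs:
        print("rejected:", entry, "->", reason)
```

Reviewing the collapsed networks shows exactly which addresses a firewall rule referencing the set would match, which helps catch a range or prefix that is wider than intended.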

Security Groups

Security Groups are collections of network objects.

To create one, in the Security Groups tab, click on + Add.

Name your set then click Next.

Security Groups allow for dynamic membership. You can define a single variable or a set of variables that will automatically assign/unassign objects.

You can leave this part empty if you do not wish to use the functionality.

Click Next.

You can now add any existing Group/Object to the "Selected Objects" section to include them in the group.

Click Next.

If there is a specific object that needs to be left out (a single member of a whole group you selected previously for example), find it in the "Objects to Exclude" window.

Click Next.

Review your settings and click Finish.

Your Security Group is now set up and available.

Go further

Join our community of users on https://community.ovh.com/en/.

