How to set up NSX groups

Create groups to simplify rules management

Last updated 24th November 2021

Objective

An object, in the Network Security world, is a singular item that can be assigned rules.
Examples: IP address, machine name, service, network port, MAC address.

Leveraging object groups limits the number of necessary rules and simplifies management.

This guide explains how to create and manage groups.

Requirements

Instructions

Interface access

In the vSphere interface menu, go to the Networking and Security dashboard.


On the left side, navigate to the Groups and Tags section.

The section shows 7 types of grouping methods:

  • Security Tags
  • IP Pools
  • Service Groups
  • Services
  • MAC Sets
  • IP Sets
  • Security Groups


Security Tags

Tags are metadata added to VMs to flag and sort them easily.

To create one, in the Security Tags tab, click on + Add.


The tag itself is just a keyword so you can use any name for it.

Once created, select it in the list and click + Assign VM.


Choose the VM(s) you want to assign the tag to and use the arrows to put them in the "Selected Objects" section.

Click OK when done.

Your Security Tag is now created and assigned to the VM(s).


IP Pools

IP Pools are ranges of IPs.

To create one, in the IP Pools tab, click on + Add.

A pool needs a Name, a Gateway and a prefix length to be usable. The DNS information is optional.

IPs need to be added as a range (xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx).

Click Add when done.


Your IP Pool is now set up and available.


Service Groups

Service Groups are collections of existing Services and/or Service Groups.

To create one, in the Service Groups tab, click on + Add.


Your group will need a name and objects added. The available objects will be of two types:

  • Service Groups
  • Services

You can highlight various items of either type and drop them in the "Selected Objects" section.

Click Add when done.


Your Service Group is now set up and available.


Services

Services are applications running at the network layer and above. They are typically linked to network ports and protocols for communication.

To create one, in the Services tab, click on + Add.

Most commonly used services are already listed, but you can define new ones to be more granular or to create specific port collections.

Click Add when done.


Your Service is now set up and available.


MAC Sets

MAC Sets are collections of MAC addresses (a MAC address is the physical address of a network component).

To create one, in the MAC Sets tab, click on + Add.


Name your set then add the physical addresses as needed.

Click Add when done.

Your MAC Set is now set up and available.


IP Sets

IP Sets are collections of IP addresses.

To create one, in the IP Sets tab, click on + Add.


Name your set then add the addresses as needed. IPs can be added as single (xxx.xxx.xxx.xxx), range (xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx) or CIDR (xxx.xxx.xxx.x/xx).

Click Add when done.


Your IP Set is now set up and available.
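The three entry formats accepted for IP Sets (single, range, CIDR) can be checked before they are typed into the interface. The script below is an added example, not part of the original guide or of NSX: it validates each entry and flags reversed ranges, CIDR blocks with host bits set, overlapping entries and entries broader than a chosen size. The function names, the `max_addresses` threshold and the sample entries are assumptions made for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Return (first, last) address covered by one IP Set entry."""
    entry = entry.strip()
    if "/" in entry:
        # CIDR form; strict=True rejects host bits set, e.g. 10.0.0.5/24
        net = ipaddress.ip_network(entry, strict=True)
        return net[0], net[-1]
    if "-" in entry:
        # Range form: start-end, both ends inclusive
        start_s, end_s = entry.split("-", 1)
        start = ipaddress.ip_address(start_s.strip())
        end = ipaddress.ip_address(end_s.strip())
        if start.version != end.version:
            raise ValueError("range mixes IPv4 and IPv6")
        if start > end:
            raise ValueError("range start is after range end")
        return start, end
    addr = ipaddress.ip_address(entry)  # single address
    return addr, addr

def check_ip_set(entries, max_addresses=65536):
    """Return (valid_entries, problems). max_addresses is an assumed review threshold."""
    valid, problems = [], []
    for entry in entries:
        try:
            first, last = parse_entry(entry)
        except ValueError as exc:
            problems.append(f"{entry}: invalid ({exc})")
            continue
        size = int(last) - int(first) + 1
        if size > max_addresses:
            problems.append(f"{entry}: covers {size} addresses, broader than expected")
        for other, (o_first, o_last) in valid:
            same_family = first.version == o_first.version
            if same_family and first <= o_last and o_first <= last:
                problems.append(f"{entry}: overlaps {other}")
        valid.append((entry, (first, last)))
    return valid, problems

# Constructed sample entries, not taken from a real environment
SAMPLE = ["192.168.10.5", "192.168.10.20-192.168.10.40", "192.168.10.0/24",
          "10.0.0.5/24", "172.16.5.9-172.16.5.1", "0.0.0.0/0"]

if __name__ == "__main__":
    for line in check_ip_set(SAMPLE)[1]:
        print(line)
```

An entry such as 0.0.0.0/0 is syntactically valid but makes any rule using the set match every IPv4 address, which is why size is reported separately from validity.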


Security Groups

Security Groups are collections of network objects.

To create one, in the Security Groups tab, click on + Add.

Name your group, then click Next.

Security Groups allow for dynamic membership. You can define a single variable or a set of variables that will automatically assign/unassign objects.

You can leave this part empty if you do not wish to use the functionality.

Click Next.


You can now add any existing Group/Object to the "Selected Objects" section to include them in the group.

Click Next.

If there is a specific object that needs to be left out (a single member of a whole group you selected previously for example), find it in the "Objects to Exclude" window.

Click Next.

Review your settings and click Finish.

Your Security Group is now set up and available.


Go further

Join our community of users on https://community.ovh.com/en/.

