Before you create distributed firewall rules for a data center group, you can group data center group networks into security groups to which the rules apply.

Security groups are groups of data center group networks to which distributed firewall rules apply. Grouping networks helps you to reduce the total number of distributed firewall rules to be created.


Verify that you have at least one data center group network that is backed by NSX-T Data Center.


  1. In the top navigation bar, click Networking and then click the Data Center Groups tab.
    The list of data center groups appears.
  2. Click the target data center group.
  3. Under Security, click Security Groups and click New.
  4. Enter a name and, optionally, a description for the security group, and click Save.
    The new security group appears in the list.
  5. Select the newly created security group and click Manage Members.
  6. Select the data center group networks that you want to add to the security group.
  7. Click Save.

What to do next

Add a Distributed Firewall Rule to a Data Center Group with an NSX-T Data Center Network Provider Type