Security tags that you create and assign to virtual machines help you to define NSX-T Data Center edge gateway firewall rules and distributed firewall rules for data center groups with an NSX-T Data Center network provider type.
- Verify that your system administrator has published the Security tag edit right to your organization and that your role includes this right.
- Verify that your role includes the vApp: Edit Properties right.
Starting with VMware Cloud Director 10.3, you can create security groups with a dynamic membership that is based on VM characteristics, such as VM names and VM tags. To include a VM in a dynamic security group, you create security tags to assign to the VM. You use dynamic groups to create distributed firewall rules and edge gateway firewall rules that are applied on a per-VM basis in a data center group networking context.
- In the top navigation bar, click Applications and then click the Virtual Machines tab.
- In the card of the virtual machine you want to edit, click Details.
- Click Security Tags and click Add.
- To add an existing security tag to the VM, click the drop-down menu and select a tag.
- To create a new security tag to assign to the VM, enter a value for the tag and click Add tag.
- To save the changes, click Submit.
What to do next
- Create dynamic groups of virtual machines based on the tags that you assigned.
- Use the dynamic groups that you created to add distributed firewall rules to the data center group or to add firewall rules to an NSX-T Data Center edge gateway that is scoped to the data center group. See: