To create a Positive Security group, follow the below steps:

Procedure

  1. From the NSX ALB UI, navigate to Templates > WAF > WAF Policy.
  2. Click on Create or Edit an existing WAF Policy.
  3. Enter the required details under the Settings tab.
  4. Click on the Positive Security tab.


  5. Click on Add Group to create the New Positive Security Group. Click on the Three dots option avaiable next to Add Positive Security group
  6. In the New Positive Security Group screen, enter the details as shown below:

    Field

    Description

    Additional Information

    Name

    Enter a relevant name for the policy.

    Description

    Enter a description to identify the group.

    Learning Group

    Select this option to enable the group for learning.

    Hit Action

    Select either Allow parameter or No operation from the drop down.

    If a rule in this group matches the match_value pattern, this action will be executed. Allowed actions are WAF_ACTION_NO_OP and WAF_ACTION_ALLOW_PARAMETER.

    Miss Action

    Select either Block or No Operation from the drop down.

    If a rule in this group does not match the match_value pattern, this action will be executed. Allowed actions are WAF_ACTION_NO_OP and WAF_ACTION_BLOCK.

    Location

    Click on Add Location to create a new location.

    Rules are created in locations. Locations are derived from URLs.
  7. Click on Save.