Follow the steps mentioned in this section to create security groups using SE group level configuration.

It is recommended to create a custom security group at the SE group level and disable the default security group creation. The disable_avi_sg_creation flag disables the default security group creation by NSX Advanced Load Balancer.

  • Once the option to create the default security group is disabled, NSX Advanced Load Balancer does not create any new security group.

  • By default, rules for the management interface, data interface, and tunnelling protocols are not added to the custom security groups. These rules must be created manually. This is equivalent to setting the ingress_access_data and ingress_access_mgmt options to None.

  • If the disable_avi_sg_creation option is set on an existing cloud, it applies only to the newly created Service Engines and virtual services. The existing security groups are not deleted automatically.

admin@controller:~$ shell
Login: admin
[admin:controller]: > configure serviceenginegroup Default-Group
[admin:controller]: serviceenginegroup> disable_avi_sg_creation