This topic details the steps to create a Positive Security Group.

Procedure

  1. From the NSX Advanced Load Balancer UI, navigate to Templates > WAF > WAF Policy.
  2. Click Create or Edit an existing WAF Policy.
  3. Enter the required details under the Settings tab.
  4. Click the Positive Security tab.


  5. Create a new Positive Security Group by clicking on the more icon (three dots) and then clicking Create.
  6. In the New Positive Security Group screen, enter the details as shown below.

    Field

    Description

    Additional Information

    Group Enabled

    Toggle this slider to enable or disable this WAF rule group.

    Name

    Enter a relevant name for the policy.

    Description

    Enter a description to identify the group.

    Learning Group

    Select this check box to enable learning for the group.

    This field cannot be changed after the group is created.

    Hit Action

    Select Allow parameter or No operation from the drop-down menu.

    If a rule in this group matches the match_value pattern, this action will be executed.

    Miss Action

    Select either Block or No operationfrom the drop-down menu.

    If a rule in this group does not match the match_value pattern, this action will be executed.

    Location

    Click Add Location to add a location and configure Match Type and Argument Rules for this Positive Security Group. For more information on adding a location, see Creating a Location.

    Positive Security rules are created in locations. Locations are derived from URLs.
  7. Click Save.