You can create a service group and then define rules for that service group.


  1. In the vSphere Web Client, click Networking & Security > Groups and Tags.
  2. Navigate to Service Groups:
    • In NSX 6.4.1 and later, ensure that you are in the Service Groups tab.
    • In NSX 6.4.0, ensure that you are in the Grouping Objects > Service Groups tab.
  3. If multiple IP addresses are available in the NSX Manager drop-down menu, select an IP address, or keep the default selection.
    • To manage universal security groups, the primary NSX Manager must be selected.
  4. Click Add or the Add (Add) icon.
  5. Type a Name to identify the service group.
  6. (Optional) Type a Description for the service group.
  7. In Members, select the services or service groups that you want to add to the group.
  8. (Optional) Select Universal Synchronization or Mark this object for Universal Synchronization to create a universal service group.
  9. (Optional) Select Inheritance or Enable inheritance to allow visibility at underlying scopes.
    When inheritance is enabled, grouping objects created at the global scope are accessible from derived scopes, such as datacenter, Edge, and so on.
  10. Click Add or OK.