A domain is a logical collection of workloads which serve a common business goal and on which policies need to be applied. It contains a set of groups and their corresponding communication requirements.

If you plan to create multiple large domains (each with more than 200 resultant rules), be sure to deploy them to the enforcement points sequentially, waiting for the realization of each domain before proceeding to the next one. If you deploy these domains using the API, it is recommended that the communication entries be created before a domain is deployed to an enforcement point.


  1. From your browser, log in to the NSX Policy Manager at https://nsx-policy-manager-IP-address.
  2. Select Infra > Domains from the navigation panel.
  3. Click Add Domain to add a domain.
  4. Specify a name for the domain and optionally a description.
  5. Click Next to go to the Workload Groups step.
  6. Click Add Group to add one or more workload groups. For each workload group:
    1. Specify a name.
    2. Click the Members Type field to select the type of members.
      The available choices are Virtual Machine, IP Address, and Membership Criteria.
    3. For Virtual Machine and IP Address, specify a value.
    4. For Membership Criteria, click Set Membership Criteria to specify how the members are selected.
  7. Click Next to go to the Security step.
  8. Click Add New Section to add a firewall section, or Add New Rule to add a firewall rule.
    You can add multiple sections and rules.
  9. Click Next to go to the Verify Domain Configuration step.
    A graphical representation of the domain is displayed.
  10. Click Next to go to the Select Enforcement Points step.
  11. Select one or more enforcement points.
  12. Click Finish to deploy the domain.
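
The deployment note above (create communication entries first, then deploy large domains one at a time and wait for each to be realized) can be scripted as follows. This is an added example, not VMware code: the `client` object and its `create_entry`, `deploy` and `is_realized` methods are a hypothetical wrapper around the Policy API, and the sample domains are constructed. It waits after every domain, not only those with more than 200 resultant rules.

```python
import time

class RealizationTimeout(Exception):
    pass

def deploy_sequentially(client, domains, poll_s=5.0, timeout_s=600.0, sleep=time.sleep):
    """Deploy each domain only after the previous one is realized.

    `client` is a hypothetical Policy API wrapper, not a real SDK.
    Returns the domain ids in the order they were realized.
    """
    done = []
    for dom in domains:
        # Communication entries first, so the domain is complete before it
        # reaches an enforcement point.
        for entry in dom["entries"]:
            client.create_entry(dom["id"], entry)
        client.deploy(dom["id"], dom["enforcement_points"])
        waited = 0.0
        while not client.is_realized(dom["id"]):
            if waited >= timeout_s:
                # Stop here so later domains are not queued behind a stuck one.
                raise RealizationTimeout(f"{dom['id']} not realized; done: {done}")
            sleep(poll_s)
            waited += poll_s
        done.append(dom["id"])
    return done

class FakeClient:
    """Constructed in-memory stand-in that records call order for the demo."""
    def __init__(self, polls_needed):
        self.polls_needed = dict(polls_needed)  # domain id -> polls until realized
        self.log = []
    def create_entry(self, domain_id, entry):
        self.log.append(("entry", domain_id))
    def deploy(self, domain_id, enforcement_points):
        self.log.append(("deploy", domain_id))
    def is_realized(self, domain_id):
        self.polls_needed[domain_id] -= 1
        return self.polls_needed[domain_id] < 0

def demo():
    domains = [  # constructed sample input
        {"id": "web", "entries": ["allow-https"], "enforcement_points": ["ep-1"]},
        {"id": "db", "entries": ["allow-sql"], "enforcement_points": ["ep-1"]},
    ]
    client = FakeClient({"web": 2, "db": 0})
    return deploy_sequentially(client, domains, sleep=lambda s: None), client.log

if __name__ == "__main__":
    print(demo())
```

A realization timeout aborts the run before any later domain is deployed, so a stalled enforcement point is not loaded with further rule sets.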