When deploying PCG, you have the option to turn the Quarantine Policy on or off. Follow these steps to enable or disable the Quarantine Policy subsequently.

Prerequisites

One or a pair of PCGs must be deployed on your VPC or VNet.

Procedure

  1. Log in to CSM and go to your public cloud:
    1. If using AWS, go to Clouds > AWS > VPCs. Click on the VPC on which one or a pair of PCGs is deployed and running.
    2. If using Microsoft Azure, go to Clouds > Azure > VNets. Click on the VNet on which one or a pair of PCGs is deployed and running.
  2. Enable the option using any one of the following:
    • In the tile view, click on ACTIONS > Edit Configuration.

    • If you are in the grid view, select the checkbox next to the VPC or VNet and click ACTIONS > Edit Configuration.

    • If you are in the VPC or VNet's page, click the ACTIONS icon to go to Edit Configurations.

  3. Turn Default Quarantine on or off to enable or disable it.
  4. If you are disabling Quarantine Policy, you must provide a fallback security group.
    Note:

    The fallback security group must be an existing user-defined security group in your public cloud. You cannot use any of the NSX Cloud security groups as a fallback security group. See NSX Cloud Security Groups for the Public Cloud for a list of NSX Cloud security groups.

    • All unmanaged or quarantined VMs in this VPC or VNet will get the fallback security group assigned to them upon disabling Quarantine Policy.

    • All managed VMs retain the security group assigned by NSX Cloud. The first time such VMs are untagged and become unmanaged after disabling Quarantine Policy, they also get the fallback security group assigned to them.

  5. Click SAVE.