Quarantine Policy is always enabled in the Native Cloud Enforced Mode.
Is VM part of a valid NSX-T Security policy? | Is VM added to the User Managed List? | VM's public cloud security group and explanation |
---|---|---|
Yes, VM is matched with a valid NSX-T Security Policy | Not added to User Managed List | NSX Cloud-created public cloud security group named like nsx-{NSX-GUID}, which is the corresponding public cloud security group for the NSX-T Security Policy. |
No, VM does not have a valid NSX-T firewall policy | Not added to User Managed List | default-vnet-<vnet-ID>-sg in Microsoft Azure or default in AWS because this is the threat detection behavior of NSX Cloud. In the Native Cloud Enforced Mode, the NSX Cloud-created security groups default-vnet-<vnet-ID>-sg in Microsoft Azure or default in AWS mimic the default public cloud security policy. Note: In CSM the VM shows an Error state. |
Yes, VM has valid NSX-T Security policy | Added to User Managed List | Retains existing public cloud security group because NSX Cloud doesn't take any action on VMs added to the User Managed List. |
No, VM does not have a valid NSX-T Security policy |