You can bind multiple groups to a security profile. NSX-T Data Center applies the security profile to the group with highest precedence level.

If you bind a security profile to multiple groups, NSX-T Data Center assigns highest precedence to the newest group from that list. However, you can change the precedence level for groups.

To assign precedence to groups:

Prerequisites

  • Session timer groups must only contain segments, segment ports and VMs as members. Other category types are not supported.
  • DNS security groups must contain only VMs as members. Other category types are not supported.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Navigate to Security > Security Profiles.
  3. Click Manage Group to Profile Precedence.
  4. To assign a group highest level of precedence, move it to the top of the list.
  5. Click Close.

Results

The security profile is applied to the group with highest precedence level.