You can bind multiple groups to a security profile. NSX-T Data Center applies the security profile to the group with highest precedence level.

If you bind a security profile to multiple groups, NSX-T Data Center assigns highest precedence to the newest group from that list. However, you can change the precedence level for groups.

To assign precedence to groups:

Prerequisites

  • Session timer groups must only contain segments, segment ports, and VMs as members. Other category types are not supported.
  • DNS security groups must contain only VMs as members. Other category types are not supported.

Procedure

  1. With admin privileges, log in to NSX Manager.
  2. Navigate to Security > General Settings > Firewall.
  3. Click Manage Group to Profile Precedence.
  4. To assign a group highest level of precedence, move it to the top of the list.
  5. Click Close.

Results

The security profile is applied to the group with highest precedence level.