Encryption rule sections are used to organize a set of encryption rules, manage them independently, and apply them as a group. Sections are used for multi-tenancy, such as defining specific rules for sales and engineering departments in separate sections.

About this task

An encryption rule section consists of one or more encryption rules. Each encryption rule belongs to only one section: the section is the parent, and an encryption rule is a child. Each encryption rule contains instructions that determine what to do with a network packet that matches the rule.

Section order affects the sequence in which encryption rules are processed. See How DNE Processes Network Packets.

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Select Encryption from the navigation panel.
  3. Click the Rules tab if it is not already selected.
  4. To add a section, click Add Section on the menu bar and select Add Section Above or Add Section Below.
    1. Enter the section name and an optional description.
    2. Select a position for the section: above or below an existing section.

      This choice is not available if you are adding a section above the Default Layer3 Section.

    3. Click Save.
  5. To edit a section, click the menu icon in the first column of the section or right click the section, and select Edit from the pop-up menu.
    1. Edit the name and description as needed.
    2. Click Save.
  6. To delete a section, click the menu icon in the first column of a section or right click the section, and select Delete from the pop-up menu.
    1. Click Delete to confirm.

Results

Once a section is added, you cannot change its position from the NSX Manager GUI. However, you can delete it and re-create it in a different position. You can also change a section's position using the API POST /api/v1/network-encryption/sections/<section-id>?action=revise. For more information, see the NSX-T API Reference.