After adding or cloning a rule, you can edit the rule settings.

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Select Encryption from the navigation panel.
  3. Click the Rules tab if it is not already selected.

    The list of rules and rule sections is displayed. You can click Columns at the bottom of the window to choose which columns are displayed.

  4. To edit a setting that is editable, double-click the cell or move the mouse to the upper right corner of the cell and click the pencil icon.

    All columns except #, ID, and Stats are editable. To edit the Sources, Destinations, Services, and Applied To fields, you can also use the drag and drop method.

  5. To use the drag and drop method to edit a field, click Objects in the upper right corner to open a pop-up window.
    1. Select an object type from the Type drop-down list to display the list of objects.
    2. Drag and drop objects to the target field.
    3. Click Objects again to close the pop-up window.
  6. To edit Sources and Destinations, click the pencil icon to open a dialog box.
    Note:

    It is not recommended that you specify the source as ANY.

    If SpoofGuard is not enabled, automatically discovered address bindings cannot be guaranteed to be trustworthy because a malicious virtual machine can claim the address of another virtual machine (you will not be warned). SpoofGuard, if enabled, verifies each discovered binding so that only approved bindings are presented.

    1. Select an object type from the Type drop-down list to display the list of objects.

      The available types are logical port, logical switch, and NSGroup. For DNE, an NSGroup cannot contain a MAC set or an IP set.

    2. Select one or more objects in the Available column.

      Click the checkbox next to Available to select all objects.

    3. Click the right-arrow icon to move the selected objects to the Selected column.
    4. Repeat with another object type if needed.
    5. Click OK.
  7. To edit Services, click the pencil icon to open a dialog box.
    1. Select one or more services in the Available column.
    2. Click the right-arrow icon to move the selected services to the Selected column.
    3. Required: You can click Create New NSService to create a new service.

      Complete the service details.

      | Option | Description |
      |---|---|
      | Name and Description | Enter a name and optionally a description. |
      | Type of Service | Select one of the available service types: ALG, ICMP, IP, L4 Port Set, IGMP. |
      | Protocol | Select one of the available protocols. |
      | Source Ports | Enter the source port. |
      | Destination Ports | Select the destination port. |
      | Group Existing Services | Click the radio button to add an existing group service. |

    4. Required: You can click the Raw Protocol tab and click Add to add a protocol.

      Complete the protocol details.

      | Option | Description |
      |---|---|
      | Type of Service | Select one of the available service types: ALG, ICMP, IP, L4 Port Set, IGMP. |
      | Protocol | Select one of the available protocols. |
      | Source Ports | Enter the source port. |
      | Destination Ports | Select the destination port. |

    5. Click OK.
  8. To edit Action, click the pencil icon to open a dialog box.
    1. Select an action from the Action drop-down list.

      | Option | Description |
      |---|---|
      | Encrypt and Check Integrity | Default. Authenticates and encrypts. |
      | Check Integrity Only | Authenticates only. |
      | Allow in Clear | Allows the packet to pass as is without authenticating or encrypting. |

    2. Click OK.
  9. To edit Key Policy, click the pencil icon to open a dialog box.
    1. Select a policy from the Key Policy drop-down list.

      System_Encryption_and_Integrity is the default.

    2. Click OK.
  10. To edit Applied To, click the pencil icon to open a dialog box.
    1. Select an object type from the Type drop-down list to display the list of objects.

      The available types are logical port, logical switch, and NSGroup. For DNE, an NSGroup cannot contain a MAC set or an IP set.

    2. Select one or more objects in the Available column.

      Click the checkbox next to Available to select all objects.

    3. Click the right-arrow icon to move the selected objects to the Selected column.
    4. Repeat with another object type if needed.
    5. Click OK.
  11. To edit Log, click the pencil icon to open a dialog box.
    1. Click the Log toggle button to turn logging on or off.
    2. Click OK.
  12. To edit Notes, click the pencil icon to open a dialog box.
    1. Enter notes in the Notes text field.
    2. Click OK.

Results

Note that the Stats field is not editable. You can move your mouse to this field and see a pop-up showing statistics for the encryption rule. Statistics are accumulated starting from when the encryption rule was created and are updated at five-minute intervals by default. These values represent aggregated statistics across all hosts. These values are not automatically refreshed. To update the values in this display manually, right-click the cell and select Refresh.
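
The constraints stated in the procedure (source ANY not recommended, no MAC set or IP set inside an NSGroup for DNE, the three Action values, the SpoofGuard note) can be checked over a list of rule records after editing. The following is an added example, not VMware code: the record layout, field names, and the "ANY" string are assumptions made for illustration and are not the NSX Manager API schema.

```python
# Added example: audit of constructed encryption-rule records.
# Field names and the "ANY" convention are assumptions, not the NSX API schema.
ALLOWED_TYPES = {"logical port", "logical switch", "NSGroup"}
DNE_FORBIDDEN_MEMBERS = {"MAC set", "IP set"}
ACTIONS = {"Encrypt and Check Integrity", "Check Integrity Only", "Allow in Clear"}

def audit_rule(rule, spoofguard_enabled):
    """Return a list of findings for one rule record."""
    findings = []
    if rule.get("sources") == "ANY":
        findings.append("sources: ANY is not recommended")
    for field in ("sources", "destinations", "applied_to"):
        objs = rule.get(field)
        if not isinstance(objs, list):
            continue  # "ANY" or unset: no objects to inspect
        for obj in objs:
            if obj["type"] not in ALLOWED_TYPES:
                findings.append(f"{field}: unsupported type {obj['type']!r}")
            bad = DNE_FORBIDDEN_MEMBERS & set(obj.get("members", []))
            if obj["type"] == "NSGroup" and bad:
                findings.append(f"{field}: NSGroup {obj['name']!r} contains {sorted(bad)}")
    action = rule.get("action", "Encrypt and Check Integrity")  # the page's default
    if action not in ACTIONS:
        findings.append(f"action: unknown value {action!r}")
    elif action == "Allow in Clear":
        findings.append("action: traffic is neither authenticated nor encrypted")
    elif action == "Check Integrity Only":
        findings.append("action: traffic is authenticated but not encrypted")
    if not spoofguard_enabled:
        findings.append("SpoofGuard off: discovered address bindings are unverified")
    return findings

# Constructed sample input.
SAMPLE_RULES = [
    {"name": "web-to-db",
     "sources": [{"type": "NSGroup", "name": "web", "members": ["logical port"]}],
     "destinations": [{"type": "logical switch", "name": "db-ls"}],
     "applied_to": [{"type": "NSGroup", "name": "db"}]},
    {"name": "legacy", "sources": "ANY",
     "destinations": [{"type": "NSGroup", "name": "old", "members": ["IP set", "logical port"]}],
     "action": "Allow in Clear"},
]

def audit_all(rules, spoofguard_enabled=True):
    """Map rule name to findings, omitting rules with none."""
    report = {r["name"]: audit_rule(r, spoofguard_enabled) for r in rules}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_RULES).items():
        print(name, *findings, sep="\n  - ")
```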