The Application Rule Manager tool simplifies the process of microsegmenting an application by creating security groups and firewall rules for existing applications.
Flow monitoring is used for long-term data collection across the whole system, whereas Application Rule Manager is used for targeted modeling of a single application over a bounded monitoring session.
There are three steps in the application rule manager workflow:
Select the virtual machines (VMs) that form the application and need to be monitored. Once a session is configured, all incoming and outgoing flows for the defined set of vNICs (virtual network interface cards) on those VMs are recorded. Up to five sessions can collect flows at a time.
Stop the monitoring session to generate the flow tables. The collected flows are analyzed to reveal the interactions between the VMs, and they can be filtered to reduce the flow records to a limited working set (for example, to drop traffic to shared infrastructure services that is handled by rules elsewhere).
Use the flow tables to create grouping objects (security groups, IP sets, services and service groups) and the firewall rules that reference them.
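The following Python script is an added illustration of steps two and three, not VMware code and not an NSX API client: it takes constructed flow records in the shape Application Rule Manager shows after a session is stopped, filters them to a working set, and consolidates them into security groups, IP sets, services and allow rules. The VM names, addresses, the "tier is the VM-name prefix" convention and the noise-port list are assumptions made for the example.

```python
"""Consolidating monitored flows into grouping objects and firewall rules.

Added worked example; the records, names and grouping conventions are constructed
for illustration and are not NSX output or VMware code.
"""
from collections import defaultdict

# Constructed flow records: (source VM or None if not an inventory VM, source IP,
# destination VM or None, destination IP, destination port, protocol).
FLOWS = [
    ("web-01", "10.0.1.11", "app-01", "10.0.2.21", 8443, "TCP"),
    ("web-02", "10.0.1.12", "app-01", "10.0.2.21", 8443, "TCP"),
    ("app-01", "10.0.2.21", "db-01", "10.0.3.31", 3306, "TCP"),
    ("app-01", "10.0.2.21", "db-01", "10.0.3.31", 3306, "TCP"),   # repeated flow, collapses
    (None, "203.0.113.7", "web-01", "10.0.1.11", 443, "TCP"),     # external client
    (None, "198.51.100.9", "web-02", "10.0.1.12", 443, "TCP"),    # external client
    ("web-01", "10.0.1.11", None, "10.0.0.53", 53, "UDP"),        # DNS, infrastructure noise
    ("db-01", "10.0.3.31", None, "10.0.0.123", 123, "UDP"),       # NTP, infrastructure noise
    ("app-01", "10.0.2.21", None, "10.0.9.9", 5044, "TCP"),       # log shipper, kept
]

# Assumption: the monitored application is these four VMs.
APP_VMS = {"web-01", "web-02", "app-01", "db-01"}
# Assumption: DNS and NTP are covered by a shared infrastructure rule, so they are filtered out.
NOISE_SERVICES = {("UDP", 53), ("UDP", 123)}


def tier(vm):
    """Assumption for the example: a VM's tier is the name prefix before the first '-'."""
    return vm.split("-")[0]


def filter_flows(flows, app_vms=APP_VMS, noise=NOISE_SERVICES):
    """Step 2: reduce the raw flow records to a working set.

    Keeps only flows with at least one endpoint in the application, drops flows to
    the listed infrastructure services, and de-duplicates repeated flows.
    """
    kept, seen = [], set()
    for src_vm, src_ip, dst_vm, dst_ip, port, proto in flows:
        if src_vm not in app_vms and dst_vm not in app_vms:
            continue
        if (proto, port) in noise:
            continue
        key = (src_vm or src_ip, dst_vm or dst_ip, port, proto)
        if key in seen:
            continue
        seen.add(key)
        kept.append((src_vm, src_ip, dst_vm, dst_ip, port, proto))
    return kept


def build_objects(flows, app_vms=APP_VMS):
    """Step 3: derive grouping objects and allow rules from the working set.

    Application VMs are grouped into one security group per tier; peers that are not
    application VMs become IP sets; each (protocol, port) becomes a service; each
    distinct (source, destination, service) triple becomes one allow rule.
    """
    groups = defaultdict(set)   # security group name -> member VMs
    ipsets = defaultdict(set)   # IP set name -> addresses
    services = {}               # service name -> (protocol, port)
    rules = []                  # (source object, destination object, service name)

    def endpoint(vm, ip, side):
        if vm in app_vms:
            name = f"sg-{tier(vm)}"
            groups[name].add(vm)
            return name
        # Assumption: external peers are collected into one IP set per side of the flow.
        name = f"ipset-external-{side}"
        ipsets[name].add(ip)
        return name

    for src_vm, src_ip, dst_vm, dst_ip, port, proto in flows:
        src = endpoint(src_vm, src_ip, "sources")
        dst = endpoint(dst_vm, dst_ip, "destinations")
        svc = f"{proto.lower()}-{port}"
        services[svc] = (proto, port)
        rule = (src, dst, svc)
        if rule not in rules:
            rules.append(rule)

    return {
        "security_groups": dict(groups),
        "ip_sets": dict(ipsets),
        "services": services,
        "rules": rules,
    }


if __name__ == "__main__":
    result = build_objects(filter_flows(FLOWS))
    for kind, objs in result.items():
        print(kind)
        for item in (objs if isinstance(objs, list) else objs.items()):
            print("   ", item)
```

On the constructed input, nine records reduce to six, which yield three security groups (sg-web, sg-app, sg-db), two IP sets, four services and four allow rules; the two repeated web-to-app flows and the two external clients each collapse into one rule. The output contains only allow rules, so a practitioner publishing rules derived this way still needs an explicit default block rule for the application at the end of the section.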