Before you use the NSX security policy features from vRealize Automation, an administrator must run the Enable security policy support for overlapping subnets workflow in vRealize Orchestrator.

About this task

Security policy support for the overlapping subnets workflow is applicable to a VMware NSX 6.1 and later endpoint. Run this workflow only once to enable this support.


  • Verify that a vSphere endpoint is registered with an NSX endpoint.

  • Log in to the vRealize Orchestrator Client as an Administrator.


  1. Select the Workflow tab to navigate through the library to the NSX > NSX workflows for VCAC folder.
  2. Run the Enable security policy support for overlapping subnets workflow.
  3. Select the NSX endpoint as the input parameter for the workflow.

    Use the IP address you specified when you created the vSphere endpoint to register an NSX instance.


After you run this workflow, the Distributed Firewall rules defined in the security policy are applied only on the vNICs of the security group members to which this security policy is applied.

What to do next

Apply the applicable security features for the multi-machine blueprint.