Before you use the NSX security policy features from vRealize Automation, an administrator must run the Enable security policy support for overlapping subnets workflow in vRealize Orchestrator.

Security policy support for overlapping subnets applies to NSX 6.1 and later endpoints. Run this workflow only once to enable the support.


  • Verify that a vSphere endpoint is registered with an NSX endpoint. See Create a vSphere Endpoint.

  • Log in to the vRealize Orchestrator client as an administrator.

  • Verify that you ran the Create NSX endpoint vRO workflow.


  1. Click the Workflow tab and select NSX > NSX workflows for VCAC.
  2. Run the Create NSX endpoint workflow and respond to prompts.
  3. Run the Enable security policy support for overlapping subnets workflow.
  4. Select the NSX endpoint as the input parameter for the workflow.

    Use the IP address you specified when you created the vSphere endpoint to register an NSX instance.


After you run this workflow, the distributed firewall rules defined in the security policy are applied only on the vNICs of the security group members to which this security policy is applied.

What to do next

Apply the applicable security features for the blueprint.