Before you use the NSX security policy features from vCloud Automation Center, an administrator must run the Enable security policy support for overlapping subnets workflow in vCenter Orchestrator.

The security policy support for overlapping subnets workflow is applicable to VMware NSX 6.1. You must run this workflow only once for an NSX endpoint.

Verify that a vSphere endpoint is registered with an NSX endpoint. See Create a vSphere Endpoint for Networking and Security Virtualization.

Log in to the vCenter Orchestrator Client as an Administrator.

1

Select the Workflow tab to navigate through the library to the NSX > NSX workflows for VCAC folder.

2

Run the Enable security policy support for overlapping subnets workflow.

3

Select the NSX endpoint as the input parameter for the workflow.

Use the IP address you specified when you created the vSphere endpoint to register an NSX instance.

After you run this workflow, the Distributed Firewall (DFW) rules defined in the security policy are applied only on the vNICs of the security group members to which this security policy is applied.

Apply the applicable security features to a multi-machine blueprint. See Specify Security Policy, Groups, and Tags for Component Machines.