Security groups are logical groupings that can be used to determine what needs to be protected by the NSX for vSphere distributed firewall. It allows static or dynamic grouping based on inclusion and exclusion of objects such as virtual machines, vNICs, vSphere clusters, logical switches, and so on.
Security group considerations:
- Security groups can have multiple security policies assigned to them
- A virtual machine can belong to multiple security groups at the same time
- Security groups can be nested inside other security groups
- You can include and exclude objects from security groups
- Security group membership can change dynamically
- If a virtual machine belongs to multiple security groups, the services applied ...