In this article I will cover creating Global Groups in NSX-T Federation. Then we will create a policy and a rule to test web traffic in order to show that the new policy/rule applies at both site locations.
Log in to the Global Manager
In the primary Global Manager, go to Inventory > Groups
Provide the group a name – my test is for web tier virtual machines
Choose Region as Global
I am using VM Name as the criterion, even though I highly recommend leveraging tags in the real world
Click view members to ensure all your virtual machines have been added
Toggle between locations to see full list of members
Next we need to configure policies and rules
Security > East West Security > Distributed Firewall > Application
Provide a name – Sources: Any – Destinations: Global Web Tier Group – Services: HTTP – Applied to: Global Web Tier Group – Action: Reject
Neither web virtual machine works because the rule above is set to Reject. Since this is a Global Rule, it is being applied at both Location 1 and Location 2.
Change the rule to allow
As you can now see, the web pages are working from a workstation outside of the NSX-T network.
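The same group and rule expressed as Global Manager Policy API requests, as an added example that is not part of the original article. The manager hostname, object IDs, display names and the "web" name match are assumptions, and the /global-manager and /global-infra paths follow the Policy API layout as assumed here, so check them against the API guide for your version.

```python
import json

# Assumed values (not from the article): manager host, object ids, name match.
GM = "https://gm.example.local"            # placeholder Global Manager FQDN
BASE = "/global-manager/api/v1"            # assumed Global Manager API prefix
DOMAIN = "/global-infra/domains/default"   # assumed: "default" = Global region
GROUP_PATH = f"{DOMAIN}/groups/global-web-tier"
POLICY_PATH = f"{DOMAIN}/security-policies/global-web-policy"


def group_body(key="Name", operator="CONTAINS", value="web"):
    """Group with one VM criterion; with key="Tag" the value is "scope|tag"."""
    return {
        "display_name": "Global Web Tier",
        "expression": [{
            "resource_type": "Condition",
            "member_type": "VirtualMachine",
            "key": key, "operator": operator, "value": value,
        }],
    }


def policy_body(action="REJECT"):
    """Application-category policy holding the single HTTP rule from the steps."""
    if action not in ("ALLOW", "DROP", "REJECT"):
        raise ValueError(f"unsupported DFW action: {action}")
    return {
        "display_name": "Global Web Policy",
        "category": "Application",
        "rules": [{
            "resource_type": "Rule",
            "display_name": "web-http",
            "source_groups": ["ANY"],
            "destination_groups": [GROUP_PATH],
            "services": ["/global-infra/services/HTTP"],  # assumed path
            "scope": [GROUP_PATH],                        # "Applied to"
            "action": action,
        }],
    }


def requests_for(action):
    """(method, url, body) tuples in the order they must be sent."""
    return [("PATCH", GM + BASE + GROUP_PATH, group_body()),
            ("PATCH", GM + BASE + POLICY_PATH, policy_body(action))]


if __name__ == "__main__":
    for method, url, body in requests_for("REJECT") + requests_for("ALLOW")[1:]:
        print(method, url)
        print(json.dumps(body, indent=2))
```

Calling `group_body("Tag", "EQUALS", "app|web")` produces the tag-based criterion recommended above in place of the VM name match; the scope and tag names there are placeholders.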