Creating Groups for Distributed Cloud Firewall

SmartGroups

A Distributed Cloud Firewall (DCF) SmartGroup contains one or more filters to identify cloud endpoints that map to an app domain. A filter specifies resource matching criteria. Matching criteria could be a cloud tag; a resource attribute (such as account name or region); a list of IP prefixes; or a Site2Cloud external connection. All conditions within the filter must be satisfied to be matched. A tag or resource attribute-based filter must be associated with a resource type (VPC/VNet, subnet, or VM).

Creating SmartGroups

WebGroups

A DCF WebGroup contains one or more domain names or URLs that assists in filtering (and providing security to) Internet-bound traffic.

Creating WebGroups

ThreatGroups

A DCF ThreatGroup prevents traffic from being sent to, or from, a set of threat IPs.

Currently there is only a Default (system defined) ThreatGroup.

Managing ThreatGroups

GeoGroups

A DCF GeoGroup (or country/countries) allows or prevents traffic from being sent to, or from, a country or a geographical area.

Creating Custom GeoGroups