Creating a SmartGroup

To create a SmartGroup:

  1. In the CoPilot UI, go to Groups > SmartGroups.

  2. Click + SmartGroup.

  3. Provide the following information about your SmartGroup:

    Parameter Description

    Name

    Name of the new SmartGroup.

    Resource Type

    The resource(s) that comprise the SmartGroup as specified by resource type and matching resource properties, or by IP address/CIDR.

    You can add the following resource types: Virtual Machine, Subnet, VPC/VNet, IPs/CIDRs, and External Connections (S2C). Typically you will only have resources of the same type in a SmartGroup.

    If you have more than one Resource Type, OR logic is applied between the Resource Types. AND logic is applied within the Resource Type.

    Resource Types VM, Subnet, and VPC/VNet are supported only in public AWS, Azure, and GCP.
    You should only select an External Connection resource type if you plan to use this SmartGroup in a DCF rule, and if Enforcement on External Connections is enabled in Security > Distributed Cloud Firewall > Settings.

    Resource Type - Virtual Machine, Subnets, VPC/VNets

    Enter the matching criteria for resources that will be part of this SmartGroup. You can match conditions based on:

    • The properties Name, Region, or Account Name, if you want to match against all resources within an account or region. The values for the selected condition(s) are populated automatically.

    • The CSP tags that you have defined for your Cloud resources. Some examples of tags are: Backup, Controller, Aviatrix-Created-Resource, and Type. The CSP tags change depending on the selected Resource Type.

    Resource Type - IPs/CIDRs

    Can enter multiple IPs or CIDRs.

    Resource Type - External Connections (S2C)

    Type in or select pre-existing external connections.

    An External Connection SmartGroup will resolve to either the remote CIDRs defined for a static route external connection, or the BGP-advertised CIDRs for BGP-based external connections.

    Preview Resources

    After entering your Resource Type, you can use the Preview Resources toggle switch to see the selected resources that map to the SmartGroup.

  4. Toggle on the Resource Selection slider to show the resources that match the configured criteria.

  5. Click Save. The new Smart Group is now in the SmartGroups list.

Viewing Resource and Reference Data

You can click a SmartGroup name in the list to view its resources and Rule References in the right-hand pane.

Creating SAP SmartGroups

You can also create SmartGroups based on discovered SAP instances:

  1. Go to SmartGroups and click Discovered SAP Service Instances in the top right.

  2. Mark the checkbox next to every SAP instance to include in the SmartGroup.

  3. Click the Actions dropdown menu in the top left and select Create SmartGroup.

  4. Enter a name for the group. The IP Addresses/CIDRs are automatically populated based on the SAP instances you selected.

  5. Click Save.

  6. Click Close.

The new SmartGroup appears in the table.