Creating a SmartGroup

To create a SmartGroup:

  1. In the CoPilot UI, go to Groups > SmartGroups.

  2. Click + SmartGroup.

  3. In the Create SmartGroup dialog, provide the following information about your SmartGroup:

    Parameter Description

    Name

    Name of the new SmartGroup.

    Resource Type - Virtual Machine, Subnets, VPC/VNets

    Enter the matching criteria for resources that will be part of this SmartGroup. You can match conditions based on:

    • The properties Name, Region, or Account Name, if you want to match against all resources within an account or region. The values for the selected condition(s) are populated automatically.

    • The CSP tags that you have defined for your Cloud resources. Some examples of tags are: Backup, Controller, Aviatrix-Created-Resource, and Type. The CSP tags change depending on the selected Resource Type.

    If you select GCP-based VMs, ensure that you have first enabled the appropriate API permission: compute.networks.listEffectiveTags. See the Aviatrix Google Cloud Getting Started Guide for more information.

    Resource Type - IPs/CIDRs

    Enter multiple IPs or CIDRs.

    Enter FQDNs in the DNS Hostname Resource Type field.

    Resource Type - External Connections (S2C)

    Type in or select pre-existing external connections.

    An External Connection SmartGroup will resolve to either the remote CIDRs defined for a static route external connection, or the BGP-advertised CIDRs for BGP-based external connections.

    DNS Hostnames

    Enter Fully Qualified Domain Names. For more information, see About Hostname SmartGroups.

    Resource Type - Kubernetes

    Namespace, Cluster, and/or Service.

  4. Toggle on the Preview slider to show the resources that match the configured criteria.

  5. Click Save. The new Smart Group is now in the SmartGroups list.

As of Controller version 7.2.4994 with CoPilot 4.17, you can no longer enter an FQDN in the IP/CIDRs field. If you want to enter an FQDN you must enter it in the Hostname field.

Viewing Resource and Reference Details

You can click a SmartGroup name in the list to view its resources and Rule References in the right-hand pane.

On the Rule References tab, clicking on a rule opens this rule on the Distributed Cloud Firewall > Policies tab.

Creating SAP SmartGroups

You can also create SmartGroups based on discovered SAP instances:

  1. Go to SmartGroups and click Discovered SAP Service Instances in the top right.

  2. Mark the checkbox next to every SAP instance to include in the SmartGroup.

  3. Click the Actions dropdown menu in the top left and select Create SmartGroup.

  4. Enter a name for the group. The IP Addresses/CIDRs are automatically populated based on the SAP instances you selected.

  5. Click Save.

  6. Click Close.

The new SmartGroup appears in the table.