Label Groups
Label groups help you write your security policy more efficiently when you use the same labels repeatedly in rulesets. When you add those labels to a label group, the label group can be used in a rule or scope as a shortcut or an alias for multiple labels. The Label Groups list pages can contain up to 10,000 label groups and the individual Label Groups pages can contain up to 10,000 members. You can use filters to find labels or label groups.
For example, you have workloads residing in data centers in Dallas, New York, and Washington and you want to apply a rule to all those workloads. Instead of using the labels for Dallas, New York, and Washington in three separate rules, you can define a Location label group named US, add those three location labels to the label group, and use the US label group.
Label groups are displayed as a list that includes the following details:
Provision status
Name of the label group
Type (Role, Application, Environment, Location)
When it is currently in use by a ruleset, label group, and static policy
Last modified date and time
User who last modified the label group
Policy Calculation Using Label Groups
Label groups can be nested, so it is important to understand how label groups can affect policy.
Note
You cannot assign a label group to a workload - only individual labels can be applied to workloads. Label groups can only be used in rulesets.