Security Policy Guide 25.2.10

Rule Writing

This section explains how to write various rules.

Permitted Rule Writing Combinations

The following table explains the valid rule combinations between sources and destinations.

| If the Source is | And Service is | The Destination can be |
| --- | --- | --- |
| Workload, All workloads, label, label group | Any service | Workload, IP list (including Any (0.0.0.0/0 and ::/0)), label, label group, user groups, All workloads |
| IP list | Any service | Workload, label, label group, user groups, all workloads |
| Uses virtual services | Not applicable (the service is derived from the virtual service) | Workload, label, label group, IP lists, all workloads, uses virtual service, uses virtual services, and workloads. |
| Uses virtual services and workloads | Any service | Workload, label, label group, IP lists, all workloads, uses virtual service, uses virtual services, and workloads. |
| Workload, all workloads, label, or label groups | Any service | User groups and one or more of the following: workload, all workloads, label, label groups. |