Now that we have a security group and a security policy configured, we need to map the security policy to a security group. All the objects that are part of the security group get its security policy rules applied to them. Objects can be dynamically added to the security group based on the criteria they meet:

1. Go to the Home | Networking & Security | Service Composer | Security Policies tab.
2. Select a security policy and click on the icon to associate the policy to a security group. Alternatively, you may also right-click on the policy and select Apply Policy:

3. Select the security group you want this policy associated with. You can also click on Preview Service Status to identify any services that will not be applied to the group:

4. Click on the Preview Service Status.
5. For example, the following screenshot shows that VMware Data Security is not installed on the host:

6. Click OK when done. We now have a security policy associated with a security group.

There are actions that can be performed on a security policy:

Manage Priority lets you manage the order of the policy by placing it over or under any other rules. Export Configuration lets you export the policy configuration. Apply Policy maps the policy to a security group.

Synchronize Firewall Config allows you to synchronize the firewall configuration. Firewall rules in the security policy show up in the firewall configuration section. VMware does not recommend you edit the composer rules in the firewall section. Always edit rules in the security policy and click Synchronize Firewall Config to apply changes appropriately.

Go to the Home | Networking & Security | Firewall section. You will see your composer rules with the associated group listed: