Does anyone know more on the use of the "annotation" field for use in a dynamic address group from a vm information source?
Can the notes or tags field in the summary tab in vCenter be used to apply custom annotations? Any assistance on the syntax would be great since PAN dosn't seem to provide much on this that I could find.
The goal is to be able to apply multiple custom annotations in order to apply the proper dynamic address group to the VM and a VM could belong to multiple dynamic address groups.
I ran across the same issue today and found another/better way to use tagging if you have vCenter and the VMware vCenter plug-in for panorama. Details for configuring the plug-in can be found at Panorama Plugin for VMware vCenter .
Instead of using the 'Notes' field, you can use the vCenter 'Tag and Categories' feature. It is located under 'Menu > Tags & Custom Attributes'. In my example, I use vCenter Tags to create Dynamic groups in Panorama using the following categories; security-zone, site-or-location and domain-member.
FYI: If you don't see the Tags widget in vCenter, you may need to scroll down.
There are two pieces to the vCenter Tag configuration; Categories and Tags. Categories are groups of tags and also control if a VMware entity, in our case the 'VirtualMachine', can have more than one Tag from the Category.
For example, the Tags for the "domain-member" category are domain-client, domain-server and domain-controller. Multiple Cardinality is set to false (see above) and Associable Entities is set to VirtualMachines, so you can only select one Tag and the Tags are only available for Virtual Machines.
Once you have your categories and tags defined, apply them to your virtual machines by clicking Assign in the Tags widget for the Virtual Machine. To manually synchronize the Tags use the VMware vCenter plug-in.
Now when you create dynamic address group, you should see your tags available.
TIPS:
-You can use (parenthesis) to group multiple ANDs & ORs
-You can add Panorama Tags to dynamic address groups for use in other static or dynamic groups.
Hope you find this useful,
Sully
Update on this:
So the annotation field leverages the "Notes" field of the guest in vsphere. So if you add a notation in the notes field (example a_host), the PAN will pick it up on the next refresh and add that as an actual filter to choose from for the dynamic address group.
The piece I am still missing is can a guest have multiple annotations in the notes field and the PAN pick it up as seperate filters or annotations?
If "Yes", what is the syntax?
I have tried, seperate lines, ";", ",", and spaces with no success.
I ran across the same issue today and found another/better way to use tagging if you have vCenter and the VMware vCenter plug-in for panorama. Details for configuring the plug-in can be found at Panorama Plugin for VMware vCenter .
Instead of using the 'Notes' field, you can use the vCenter 'Tag and Categories' feature. It is located under 'Menu > Tags & Custom Attributes'. In my example, I use vCenter Tags to create Dynamic groups in Panorama using the following categories; security-zone, site-or-location and domain-member.
FYI: If you don't see the Tags widget in vCenter, you may need to scroll down.
There are two pieces to the vCenter Tag configuration; Categories and Tags. Categories are groups of tags and also control if a VMware entity, in our case the 'VirtualMachine', can have more than one Tag from the Category.
For example, the Tags for the "domain-member" category are domain-client, domain-server and domain-controller. Multiple Cardinality is set to false (see above) and Associable Entities is set to VirtualMachines, so you can only select one Tag and the Tags are only available for Virtual Machines.
Once you have your categories and tags defined, apply them to your virtual machines by clicking Assign in the Tags widget for the Virtual Machine. To manually synchronize the Tags use the VMware vCenter plug-in.
Now when you create dynamic address group, you should see your tags available.
TIPS:
-You can use (parenthesis) to group multiple ANDs & ORs
-You can add Panorama Tags to dynamic address groups for use in other static or dynamic groups.
Hope you find this useful,
Sully
Jerzy,
If you have configured the vSphere source under 'Device > VM Information Sources' and configured and assigned vSphere categories to the Guest, you should see those selections categories/tags when you add an Address Group and select type=Dynamic.
Sully
