Groups Settings

On the Groups > Settings tab, you can configure Cloud Resource Polling and DNS Server for Hostname Resolution.

Configuring the Cloud Resource Polling Interval

The Aviatrix Controller runs a full inventory of your clouds every four hours, and then listens to events every minute to learn about updates to its resources. For example, if you modified your Cloud Tags, you may want to poll data more frequently so that CoPilot reflects those changes.

On the CoPilot Groups > Settings tab, the Cloud Resource Polling slider is On by default.

If you want to turn Off Cloud Resource Polling, a warning displays indicating that this will impact key functionalities such as Distributed Cloud Firewall, SmartGroups, Cloud Assets, and Dashboard and Topology features. You must select the I understand the implications checkbox to continue.

Also, lowering the polling interval can create more load on the Controller. The default setting should be sufficient.

Enter the desired polling interval in minutes (default is 15). This can be a value between 1-1440.

Fifteen minutes is the interval at which the Controller polls for updates to the SmartGroups.

You can manually trigger a poll to fetch resources directly from your clouds by clicking Refetch Cloud Resources on the Groups > SmartGroups tab. The poll may take several minutes to complete depending on the size of your environment.

Discovery of Kubernetes Resources

This card is only visible if the Distributed Cloud Firewall feature is enabled.

Enabling Discovery of Kubernetes Resources

To enable discovery of Kubernetes resources in your cloud accounts:

  1. On the Groups > Settings tab, click Enable on the Discovery of Kubernetes Resources card.

    The Discovery of Kubernetes Resources dialog then lists the necessary IAM Role permissions that must be in place for the supported clouds before you can enable discovery of Kubernetes resources in your cloud accounts.

    Do not click Enable again until you are sure that the IAM Role permissions are in place.

  2. Select the I understand the implications checkbox.

  3. Click Enable to enable discovery of Kubernetes resources in your cloud accounts. These resources will be displayed on the Cloud Resources > Cloud Assets > Kubernetes Clusters tab.

Disabling Discovery of Kubernetes Resources

To disable discovery of Kubernetes resources in your cloud accounts:

  1. On the Groups > Settings tab, click Disable on the Discovery of Kubernetes Resources card.

  2. You are prompted that disabling discovery of Kubernetes resources will impact key functionalities, including Distributed Cloud Firewall, SmartGroups, and Cloud Assets.

  3. Select the I understand the implications checkbox and click Disable to disable the discovery of Kubernetes resources.

DNS Server for Hostname Resolution (Hostname SmartGroups)

This DNS server setting only applies to SmartGroups with the hostname resource type groups, defined under Groups > SmartGroups.

Select either the Gateway’s Management DNS Server or Custom DNS Servers for DNS hostname resolution.

When a DCF rule attempts a DNS match because of the included hostname, the Aviatrix Default DNS server is used to resolve the DNS, unless you configure a custom DNS Server.

To select a DNS server:

  1. On the CoPilot Groups > Settings tab, select one of the following on the DNS Server for Hostname Resolution card:

    • Gateway’s Management DNS Server: This is the default DNS server setting. Each gateway has its own configured Gateway Management DNS server. If a gateway is part of a hostname resource-type SmartGroup, it will use the Gateway’s Management DNS Server setting configured in one of the following locations:

      • For Transit, Spoke, or Specialty gateways: Cloud Fabric > Gateways > Transit Gateways, Spoke Gateways, or Specialty Gateways > [gateway name] > Settings > General > Gateway Management DNS Server

      • For UserVPN gateways: Cloud Fabric > UserVPN > [gateway name] > Settings > General.

        See Gateway’s DNS Server for more information.

    • Custom DNS Servers: enter one or more custom DNS server addresses (maximum is two) that will be updated for all enforcing gateways.

Ensure the correctness of the custom DNS server addresses before saving. Any valid IP address is accepted by this field, even if it is not the IP address of a DNS server.
  1. Click Save.