The Egress policy, also known as an SGACL policy, determines which SGACLs to apply at the Egress
points of the network, based on the source and destination SGTs. ACS presents the Egress policy as a
matrix; it displays all the security groups in the source and destination axes. Each cell in the matrix can
contain a set of ACLs to apply to the corresponding source and destination SGTs.

The network devices add the default policy to the specific policies that you defined for the cells. For
empty cells, only the default policy applies.

Use the Egress policy matrix to view, define, and edit the sets of ACLs to apply to the corresponding
source and destination SGTs.

To display this page, choose Access Policies > Security Group Access Control > Egress Policy.

Table 10-23

Egress Policy Matrix Page

Option

Description

Destination Security
Group

Column header displaying all destination security groups.

Source Security
Group

Row header displaying all source security groups.

Cells

Contain the SGACLs to apply to the corresponding source and destination security group.

Edit

Click a cell, then click Edit to open the Edit dialog box for that cell. See

Editing a Cell in the Egress

Policy Matrix, page 10-47

Default Policy

Click to open a dialog box to define the default Egress policy. See

Defining a Default Policy for Egress

Policy Page, page 10-47

Set Matrix View

To change the Egress policy matrix display, choose an option, then click Go:

•

All—Clears all the rows and columns in the Egress policy matrix.

•

Customize View—Launches a window where you can customize source and destination security
groups corresponding to the selected cell.