US Patent 11418546 Scalable port range management for security policies

Techniques are disclosed for implementing scalable port range policies across a plurality of categories that support application workloads. In one example, a policy agent receives, from a centralized controller for a computer network, a plurality of policies. Each policy of the plurality of policies includes one or more policy rules, and each of the one or more policy rules specifies one or more tags specifying one or more dimensions for application workloads executed by the one or more computing devices and a corresponding port range. The policy agent assigns, based on a policy rule, a port range specified by the policy rule to objects of the one or more computing devices that belong to categories described by the one or more dimensions of the one or more tags of the policy rule. The categories support the application workloads and are assigned to the tags by a centralized controller.