To create distributed firewall rules and add them to a data center group, you must first create IP sets. IP sets are groups of IP addresses and networks to which the distributed firewall rules apply. Combining multiple objects into IP sets helps you to reduce the total number of distributed firewall rules to be created.


  1. In the top navigation bar, click Networking and then click the Data Center Groups tab.
    The list of data center groups appears.
  2. Click the target data center group.
  3. Under Security, click IP Sets.
  4. Click New.
  5. Enter a meaningful name and, optionally, a description for the new IP set.
  6. Enter an IPv4 address, IPv6 address, or an address range in a CIDR format, and click Add.
  7. To modify an existing IP address or range, click Modify and edit the value.
  8. To confirm, click Save.