The NSX Data Center for vSphere software in your VMware Cloud Director environment provides the capability for defining sets and groups of certain entities, which you can then use when specifying other network-related configurations, such as in firewall rules.

Create an IP Set for Use in Firewall Rules and DHCP Relay Configuration by Using Your VMware Cloud Director Service Provider Admin Portal

An IP set is a group of IP addresses that you can create at a VMware Cloud Director organization virtual data center level. You can use an IP set as the source or destination in a firewall rule or in a DHCP relay configuration.

You create an IP set by using the Grouping Objects page. To open this page, you must navigate either to the distributed firewall settings of the organization VDC, or to the services settings of an edge gateway that belongs to the organization VDC.

Procedure

  1. Open the Grouping Objects page.
    Option: From the distributed firewall settings of the organization VDC
    Action:
      1. From the primary left navigation panel, under Resources, select Cloud Resources.
      2. From the secondary left panel, select Organization VDCs.
      3. Select the radio button next to the name of the target organization virtual data center, and click Manage firewall.
      4. Click the Grouping Objects tab.
    Option: From the services settings of an edge gateway on the organization VDC
    Action:
      1. From the primary left navigation panel, select Resources, and from the page top navigation bar, select Cloud Resources.
      2. From the secondary left panel, select Edge Gateways.
      3. Select the radio button next to the name of an edge gateway that belongs to the target organization virtual data center, and click Services.
      4. Click the Grouping Objects tab.
  2. Click the IP Sets tab.
    The IP sets that are already defined are displayed on the screen.
  3. To add an IP set, click the Create button.
  4. Enter a name and, optionally, a description for the IP set, and then enter the IP addresses to include in the set.
  5. To save this IP set, click Keep.

Results

The new IP set is available for selection as the source or destination in firewall rules or in DHCP relay configurations.
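Because an IP set becomes the source or destination of a firewall rule, it is worth reviewing the entries before you enter them. The following Python sketch is an added example, not part of the VMware documentation or product; it assumes entries are single addresses, CIDR blocks, or hyphenated ranges, and the function names and prefix thresholds are hypothetical.

```python
import ipaddress

def parse_entry(entry):
    """Return the networks covered by one IP set entry (assumed formats:
    single address, CIDR block, or hyphenated first-last range)."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range {entry!r}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects CIDR entries with host bits set, e.g. 10.0.0.5/24
    return [ipaddress.ip_network(entry, strict=True)]

def review_ip_set(entries, min_prefix_v4=16, min_prefix_v6=48):
    """Return (entry, finding) pairs for invalid, over-broad or overlapping entries."""
    findings, seen = [], []
    def note(entry, finding):
        if (entry, finding) not in findings:
            findings.append((entry, finding))
    for raw in entries:
        try:
            nets = parse_entry(raw)
        except ValueError:
            note(raw, "invalid")
            continue
        for net in nets:
            # Thresholds are assumptions; tune them to your own policy.
            limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
            if net.prefixlen < limit:
                note(raw, "broader than allowed prefix")
            for other_raw, other in seen:
                if other.version == net.version and net.overlaps(other):
                    note(raw, f"overlaps {other_raw}")
        seen.extend((raw, net) for net in nets)
    return findings

# Constructed sample entries (documentation address ranges), not from the page.
SAMPLE = ["192.0.2.10", "192.0.2.0/24", "0.0.0.0/0",
          "198.51.100.5-198.51.100.20", "10.0.0.5/24", "203.0.113.300"]

if __name__ == "__main__":
    for entry, finding in review_ip_set(SAMPLE):
        print(f"{entry}: {finding}")
```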

Create a MAC Set for Use in Firewall Rules by Using Your VMware Cloud Director Service Provider Admin Portal

A MAC set is a group of MAC addresses that you can create at an organization virtual data center level in VMware Cloud Director. You can use a MAC set as the source or destination in a firewall rule.

You create a MAC set by using the Grouping Objects page. To open this page, you must navigate either to the distributed firewall settings of the organization VDC, or to the services settings of an edge gateway that belongs to the organization VDC.

Procedure

  1. Open the Grouping Objects page.
    Option: From the distributed firewall settings of the organization VDC
    Action:
      1. From the primary left navigation panel, under Resources, select Cloud Resources.
      2. From the secondary left panel, select Organization VDCs.
      3. Select the radio button next to the name of the target organization virtual data center, and click Manage firewall.
      4. Click the Grouping Objects tab.
    Option: From the services settings of an edge gateway on the organization VDC
    Action:
      1. From the primary left navigation panel, select Resources, and from the page top navigation bar, select Cloud Resources.
      2. From the secondary left panel, select Edge Gateways.
      3. Select the radio button next to the name of an edge gateway that belongs to the target organization virtual data center, and click Services.
      4. Click the Grouping Objects tab.
  2. Click the MAC Sets tab.
    The MAC sets that are already defined are displayed on the screen.
  3. To add a MAC set, click the Create button.
  4. Enter a name and, optionally, a description for the set, and then enter the MAC addresses to include in the set.
  5. To save the MAC set, click Keep.

Results

The new MAC set is available for selection as the source or destination in firewall rules.

View Services Available for Firewall Rules by Using Your VMware Cloud Director Service Provider Admin Portal

By using the VMware Cloud Director Service Provider Admin Portal, you can view the list of services that are available for use in firewall rules. In this context, a service is a protocol-port combination.

You can view the available services by using the Grouping Objects page. To open this page, you must navigate either to the distributed firewall settings of the organization VDC, or to the services settings of an edge gateway that belongs to the organization VDC.

Procedure

  1. Open the Grouping Objects page.
    Option: From the distributed firewall settings of the organization VDC
    Action:
      1. From the primary left navigation panel, under Resources, select Cloud Resources.
      2. From the secondary left panel, select Organization VDCs.
      3. Select the radio button next to the name of the target organization virtual data center, and click Manage firewall.
      4. Click the Grouping Objects tab.
    Option: From the services settings of an edge gateway on the organization VDC
    Action:
      1. From the primary left navigation panel, select Resources, and from the page top navigation bar, select Cloud Resources.
      2. From the secondary left panel, select Edge Gateways.
      3. Select the radio button next to the name of an edge gateway that belongs to the target organization virtual data center, and click Services.
      4. Click the Grouping Objects tab.
  2. Click the Services tab.

Results

The available services are displayed on the screen.

View Service Groups Available for Firewall Rules by Using Your VMware Cloud Director Service Provider Admin Portal

By using the VMware Cloud Director Service Provider Admin Portal, you can view the list of service groups that are available for use in firewall rules. In this context, a service is a protocol-port combination, and a service group is a group of services or other service groups.

You can view the available service groups by using the Grouping Objects page. To open this page, you must navigate either to the distributed firewall settings of the organization VDC, or to the services settings of an edge gateway that belongs to the organization VDC.

Procedure

  1. Open the Grouping Objects page.
    Option: From the distributed firewall settings of the organization VDC
    Action:
      1. From the primary left navigation panel, under Resources, select Cloud Resources.
      2. From the secondary left panel, select Organization VDCs.
      3. Select the radio button next to the name of the target organization virtual data center, and click Manage firewall.
      4. Click the Grouping Objects tab.
    Option: From the services settings of an edge gateway on the organization VDC
    Action:
      1. From the primary left navigation panel, select Resources, and from the page top navigation bar, select Cloud Resources.
      2. From the secondary left panel, select Edge Gateways.
      3. Select the radio button next to the name of an edge gateway that belongs to the target organization virtual data center, and click Services.
      4. Click the Grouping Objects tab.
  2. Click the Service Groups tab.

Results

The available service groups are displayed on the screen. The Description column displays the services that are grouped in each service group.
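Because a service group can contain other service groups, a firewall rule that references one group may permit more protocol-port combinations than the group's direct members suggest. The following Python sketch is an added example, not part of the VMware documentation or product; it works on an inventory you have transcribed from the Services and Service Groups tabs, and all names and sample data in it are hypothetical.

```python
def expand_group(name, groups, services, _path=()):
    """Return the set of (protocol, port) pairs a service group resolves to,
    following nested groups and refusing circular membership."""
    if name in _path:
        raise ValueError("cycle: " + " -> ".join(_path + (name,)))
    resolved = set()
    for member in groups[name]:
        if member in services:
            resolved.add(services[member])
        elif member in groups:
            resolved |= expand_group(member, groups, services, _path + (name,))
        else:
            raise KeyError(f"unknown member {member!r} in group {name!r}")
    return resolved

def groups_exposing(pair, groups, services):
    """Names of service groups that resolve, directly or via nesting, to `pair`."""
    return sorted(g for g in groups if pair in expand_group(g, groups, services))

# Constructed inventory for illustration: service name -> (protocol, port).
SERVICES = {
    "HTTP": ("TCP", "80"),
    "HTTPS": ("TCP", "443"),
    "SSH": ("TCP", "22"),
    "DNS-UDP": ("UDP", "53"),
}
# Constructed service groups: group name -> members (services or other groups).
GROUPS = {
    "Web": ["HTTP", "HTTPS"],
    "Admin": ["SSH"],
    "Baseline": ["Web", "DNS-UDP", "Admin"],
}

if __name__ == "__main__":
    for group in GROUPS:
        print(group, sorted(expand_group(group, GROUPS, SERVICES)))
    # "Baseline" does not list SSH directly, but reaches it through "Admin".
    print(groups_exposing(("TCP", "22"), GROUPS, SERVICES))
```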