An IP set is a group of IP addresses that can be used as sources and destinations in firewall rules.

An IP set can contain a combination of individual IP addresses, IP ranges, and subnets. You can specify IPv4 or IPv6 addresses, or both. An IP set can be a member of NSGroups.

Note: Any IP set created by this method will not be visible in Policy mode. In Policy mode, we can create a group and add members as IP addresses, ranges, network addresses, or MAC addresses by navigating to Inventory > Groups > Set Members and specifying IP or MAC addresses.
Note: IPv4 addresses and IPv6 addresses are supported for source or destination ranges for firewall rules.


Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure the User Interface Settings.


  1. With admin privileges, log in to NSX Manager.
  2. Select Inventory > Groups > IP Sets > Add.
  3. Enter a name.
  4. (Optional) Enter a description.
  5. In Members, enter individual IP addresses, IP ranges, and subnets in a comma separated list.
  6. Click Save.