You can create an IP address group and then add this group as the source or destination in a firewall rule. Such a rule can help protect physical machines from virtual machines or vice versa.
- Log in to the vSphere Web Client.
- Click Networking & Security and then under Networking & Security Inventory click NSX Managers.
- Click an NSX Manager in the Name column and then click the Manage tab.
You must select the primary NSX Manager if you need to manage universal IP address groups.
- Click the Grouping Objects tab, then click IP Sets.
- Click the Add () icon.
- Type a name for the address group.
- (Optional) : Type a description for the address group.
- Type the IP addresses to be included in the group.
- (Optional) : Select Enable inheritance to allow visibility at underlying scopes.
- (Optional) : Select Mark this object for Universal Synchronization to create a universal IP address group.
- Click OK.