An IP set is a group of IP addresses that you can add as the source or destination in a firewall rule or in DHCP relay configuration.

About this task

You create an IP set using the Grouping Objects page of the vCloud Director tenant portal. The Grouping Objects page is available on both the Distributed Firewall and Edge Gateway screens.

Prerequisites

If you choose to launch the tenant portal using the Edge Gateway Services action on an edge gateway, that edge gateway must have already been converted to an advanced gateway.

Procedure

  1. Log in to the vCloud Director Web console.
  2. Launch the tenant portal using of these two methods.
    • Right-click the name of the organization virtual datacenter and click Manage Firewall in the context menu.

    • Right-click the name of an edge gateway that has been converted to an advanced gateway and click Edge Gateway Services in the context menu.

    The tenant portal opens in a new browser tab and displays the Firewall page.

  3. Click the Grouping Objects tab to display the Grouping Objects page.
  4. Click the IP Sets tab to display the IP Sets screen if it is not already visible.

    The IP sets that are already defined are displayed on the screen.

  5. Click the + icon to add a new IP set.
  6. Type a name for the set, an optional description, and the IP addresses to be included in the set.
  7. (Optional) If you are specifying the IP set using the Grouping Objects page on the Distributed Firewall screen, use the Inheritance toggle to enable inheritance to allow visibility at underlying scopes.

    Inheritance is enabled by default.

  8. Click Keep to save this IP set.

Results

The new IP set is available for selection as the source or destination in firewall rules or in DHCP relay configuration.