A MAC set is a group of MAC addresses that you can add as the source or destination in a firewall rule.

About this task

You create a MAC set using the Grouping Objects page of the vCloud Director tenant portal. The Grouping Objects page is available on both the Distributed Firewall and Edge Gateway screens.

Prerequisites

To use the vCloud Director tenant portal to work with an edge gateway's settings, the edge gateway must be converted to an advanced edge gateway. You can do this on the edge gateway in the vCloud Director Web console or from the tenant portal. For details on performing this step from the tenant portal, see Convert an Edge Gateway to an Advanced Edge Gateway.

Procedure

  1. Launch Edge Gateway Services by completing the following steps:
    1. Click Network > Edge Gateway.
    2. Select the edge gateway to edit, and click Configure Services.

    The tenant portal opens Edge Gateway services.

  2. Or, launch the Security Services.
    1. Click Network > Security
    2. Select the Security Services to edit.

    The Security Services opens.

  3. Click Grouping Objects to display the Grouping Objects page.
  4. Click the MAC Sets tab to display the MAC Sets screen if it is not already visible.

    The MAC sets that are already defined are displayed on the screen.

  5. Click the + icon to add a new MAC set.
  6. Type a name for the set, an optional description, and the MAC addresses to be included in the set.
  7. (Optional) : If you are specifying the MAC set using the Grouping Objects page on the Distributed Firewall screen, use the Inheritance toggle to enable inheritance to allow visibility at underlying scopes.

    Inheritance is enabled by default.

  8. Click Keep to save this MAC set.

Results

The new MAC set is available for selection as the source or destination in firewall rules.