Advanced
Networking Services includes functionality to create grouping objects
(custom network containers) for use when configuring the edge gateway firewall
and the distributed firewall. Additionally, you can use grouping objects when
configuring the server pool for the load balancer.
You can create an IP address
group and then add this group as the source or destination in a firewall rule.
Such a rule can help protect physical machines from virtual machines or vice
versa.
For an example of the IP Set and
MAC Set schemas, see
Manage IP Sets
and
Manage MAC Sets.
IP
SET (ipSet)
|
|
|
|
|
objectId
|
String
|
Yes
|
The ID for the IP Set in the format ipset-X
Note
Leave this element
empty when creating an IP Set by using the POST method. The system will
auto-generate an object ID.
|
|
revision
|
Number
|
Yes
|
The current version of the IP Set
|
|
name
|
String
|
Yes
|
A name for the IP Set; for example,
dmz_app1_web
|
|
description
|
String
|
No
|
A description of the IP Set
|
|
SCOPE
|
|
id
|
String
|
No
|
A read-only field
IP Sets are defined
under the global scope so that they are available to all virtual data centers
and port groups.
|
|
name
|
String
|
No
|
Display name for the scope (a read-only field)
|
|
objectTypeName
|
String
|
No
|
Display name for the object type (a read-only
field)
|
|
ELEMENT
|
|
value
|
String
|
No
|
The range of IP addresses that the IP Set
applies to
You can specify multiple
IP address ranges as a comma separated list or as a CIDR format (for example,
10.112.29.1/24).
|
You can create MAC Sets for use
in the distributed firewall.
MAC SET (macset)
|
|
|
|
|
objectId
|
String
|
Yes
|
The ID for the MAC Set in the format macset-X
Note
Leave this element
empty when creating a MAC Set by using the POST method. The system will
auto-generate an object ID.
|
|
revision
|
Number
|
Yes
|
The current version of the MAC Set
configuration
|
|
name
|
String
|
Yes
|
A name for the MAC Set; for example,
TestMACSet1
|
|
description
|
String
|
No
|
A description of the MAC Set
|
|
SCOPE
|
|
id
|
String
|
No
|
A read-only field
MAC Sets are defined
under the global scope so that they are available to all virtual data centers
and port groups.
|
|
name
|
String
|
No
|
Display name for the scope (a read-only field)
|
|
objectTypeName
|
String
|
No
|
Display name for the object type (a read-only
field)
|
|
ELEMENT
|
|
value
|
String
|
No
|
The MAC address(es) that the MAC Set applies to
You can specify multiple
MAC addresses as a comma separated list.
|