A MAC set is a group of MAC addresses that you can add as the source or destination in a firewall rule.

You create a MAC set using the Grouping Objects page of the vCloud Director tenant portal. The Grouping Objects page is available on both the Distributed Firewall and Edge Gateway screens.

If you choose to launch the tenant portal using the Edge Gateway Services action on an edge gateway, that edge gateway must have already been converted to an advanced gateway.


Log in to the vCloud Director Web console.


Launch the tenant portal using of these two methods.

Right-click the name of the organization virtual datacenter and click Manage Firewall in the context menu.

Right-click the name of an edge gateway that has been converted to an advanced gateway and click Edge Gateway Services in the context menu.

The tenant portal opens in a new browser tab and displays the Firewall page.


Click Grouping Objects to display the Grouping Objects page.


Click the MAC Sets tab to display the MAC Sets screen if it is not already visible.

The MAC sets that are already defined are displayed on the screen.


Click the + icon to add a new MAC set.


Type a name for the set, an optional description, and the MAC addresses to be included in the set.


(Optional) If you are specifying the MAC set using the Grouping Objects page on the Distributed Firewall screen, use the Inheritance toggle to enable inheritance to allow visibility at underlying scopes.

Inheritance is enabled by default.


Click Keep to save this MAC set.

The new MAC set is available for selection as the source or destination in firewall rules.