Create an Alias
To help you more easily identify a group of hosts, users, or networks in your security policies, you can create aliases to use with your policies.
You can also create aliases when you use Centralized Management for your Firebox and apply a Device Configuration Template to a Firebox. For more information about how to use aliases in templates, go to Create Device Configuration Templates.
- Select Firewall > Aliases.
The Aliases page opens.
- Click Add.
The Aliases / Add page appears.
- In the Name text box, type a unique name to identify the alias.
This name appears in lists when you configure a security policy. - In the Description text box, type a description of the alias.
- Add alias members to the alias, as described in the next sections.
- Click Save.
- Select Setup > Aliases.
The Aliases dialog box opens. Pre-defined aliases appear in blue and user-defined aliases appear in black.
- Click Add.
The Add Alias dialog box opens.
- In the Alias Name text box, type a unique name to identify the alias.
This name appears in lists when you configure a security policy. - In the Description text box, type a description of the alias.
- Add alias members to the alias, as described in the next sections.
- Click OK.
Add a Member to the Alias
You can add an IP address, address range, wildcard IPv4 or IPv6 address, host name (one time DNS lookup), FQDN (includes wildcard domains), user and group, or another alias as a member of an alias. For information on how to import a list of alias members, go to Import and Export a List of Alias Members.
To add a member to an alias, from Fireware Web UI:
- On the Aliases / Add page, click Add.
The Add Member dialog box opens. - From the Member type drop-down list, select the type of member you want to add.
- Type the address or name in the Member Type text box, or select the user or group.
- Click OK.
The new member appears in the Alias Members list. - To add more members, repeat Steps 1–4
To add a member to an alias, from Policy Manager:
- In the Add Alias dialog box, click Add.
The Add Member dialog box opens. - From the Choose Type drop-down list, select the type of member you want to add.
- Type the address or name in the Value text box.
- Click OK.
The new member appears in the Alias Members list. - To add more members, repeat Steps 1–4.
Add a User or Group to the Alias from Policy Manager
- In the Add Alias dialog box, click User.
The Add Users or Groups dialog box opens. - In the left Type drop-down list, select whether the user or group you want to add is a Firewall user, SSL VPN user, L2TP user, or an IKEv2 user.
- In the right Type drop-down list, select User to add a user, or Group to add a group.
- If the user or group appears in the list at the bottom of the Add Users or Groups dialog box, select the user or group and click Select.
If the user or group does not appear in the list, it is not yet defined as a user or group. You must define it as a user or group before you add it to an alias.
- Repeat Steps 1–4 to add more members as needed.
Or, use the previous procedure to add an address, address range, DNS name, or another alias to the alias. - Click OK.
For information on how to define a user or group, go to:
- Define a New User for Firebox Authentication
- Define a New Group for Firebox Authentication
- Use Users and Groups in Policies
Edit an Alias
- Select Firewall > Aliases.
The Aliases page opens.
- From the Aliases list, select the user-defined alias to change.
- Click Edit.
The Edit Alias page appears.
- To add a member to the Alias Members list, click Add.
For more information, see the previous sections. - To remove a member from the Alias Members list, select the entry and click Remove.
- Click Save.
- Select Setup > Aliases.
The Aliases dialog box opens. Pre-defined aliases appear in blue and user-defined aliases appear in black.
- From the Aliases list, select the user-defined alias to change.
- Click Edit.
The Edit Alias
- To add a member to the Alias Members list, click Add, User, or FQDN Import.
For more information, see the previous sections. - To remove a member from the Alias Members list, select the entry and click Remove.
- Click OK.
- Edit a policy with the user-defined alias you want to change.
The Edit Policy Properties dialog box opens.
- In the From or To list, select the alias to change.
- Click Edit.
The Edit Alias dialog box appears.
- To add a member to the Alias Members list, click Add, User, or FQDN Import.
For more information, see the previous sections. - To remove a member from the Alias Members list, select the member and click Remove.
- Click OK.
Import and Export a List of Alias Members
You can import a list of alias members from a text file to your Firebox. For example, you can import a list of users rather than add each user individually. You can import several types of alias members.
When you select Import, you must select to append to or replace the current list of alias members. Next, you must select a file from your computer to upload. The file must be a plain text file with a list of alias members with one alias member per line.
For example:
ipv4, 100.0.0.1
ipv4, 100.0.1.0/24
ipv4, 10.1.0.5/255.255.0.255
ipv6, 2001::1-2001::10
fqdn, *.youtube.com
fqdn, test.example.com
fqdn, example.com
alias, Any-Trusted
alias, my_nested_alias
fw-user, "tom (Firebox-DB)"
fw-group, "Domain Users (example.com)"
device, Any-iOS
You can also export a list of alias members from your Firebox to a text file. To export a list, select to edit an alias, and then select Export. A text file downloads to your computer.
In Fireware v12.0 and lower, and in Fireware 12.0.1 in Policy Manager, you can only import a list of FQDNs. The Export option is not available. In Fireware v12.0.1, in the Web UI only, you can import or export a list of different alias members types. In Fireware v12.1 and higher, you can also import or export a list of different alias members types in Policy Manager. You can import and export wildcard IPv4 and IPv6 addresses in Fireware v12.1 and higher.