An alias is a shortcut that identifies a group of hosts, networks, or interfaces. Your configuration file includes many default aliases. You can also create new aliases. To manage traffic through your Firebox, you can then add any of the aliases to the policies defined in your configuration file.
Default aliases include:
- Any — An alias for any address. This includes any IP address, interface, custom interface, tunnel, user and group.
- Firebox — An alias for all Firebox interfaces.
- Any-Trusted — An alias for any network you can get access to through Firebox interfaces configured as Trusted.
- Any-External — An alias for any network you can get access to through Firebox interfaces configured as External.
- Any-Optional — An alias for any network you can get access to through Firebox interfaces configured as Optional.
The Any-Trusted, Any-External, and Any-Optional aliases do not include Firebox interface IP addresses.
- Any-BOVPN — An alias for any BOVPN (IPSec) tunnel.
When you use the BOVPN Policy wizard to create a policy to allow traffic through a BOVPN tunnel, the wizard automatically creates .in and .out aliases for the incoming and outgoing tunnels.
- WG-Wireless-Access-Point1 — An alias for wireless Access point 1 on a wireless Firebox.
- WG-Wireless-Access-Point2 — An alias for wireless Access point 2 on a wireless Firebox.
- WG-Wireless-Access-Point3 — An alias for wireless Access point 3 on a wireless Firebox.
- WG-Wireless-Guest — An alias for wireless Access point 3 on a wireless Firebox that is used for a guest wireless network (Fireware OS v11.8.x and lower).
Alias names are different from user or group names used in user authentication. With user authentication, you can monitor a connection by user name instead of by IP address. The person authenticates with a user name and a password to get access to Internet protocols.
For more information about user authentication, see About User Authentication.
You can also create and apply aliases when you use Centralized Management for your Firebox and apply a Device Configuration Template to a device. A configuration file cannot contain duplicate alias names. If you apply a template to a Firebox that runs Fireware OS v11.7 or higher, and the template includes an alias name that is already used by an interface on the device, the alias name does not appear correctly in the Aliases list after the template is applied.
For more information about templates, see Create Device Configuration Templates.
You can add these objects to an alias:
- Host IP address
- Network IP address
- A range of host IP addresses
- Wildcard IPv4 address
- Host Name (DNS Lookup) — A one-time DNS lookup is performed on the host name and resolved IP addresses are added to the alias.
- FQDN — Performs forward DNS resolution and analyzes DNS replies for the specified FQDN (includes wildcard domains). Resolved IP addresses from the primary domain and any subdomains are added to the alias.
For more information on how to use FQDN in policies, see About Policies by Domain Name (FQDN).
- Tunnel address — Defined by a user or group, address, and name of the tunnel. This type lets you specify the address, and set two other conditions that traffic must meet in order to match the address. With a tunnel address, you can specify these conditions for traffic:
  - User or member of a group.
  - IP address. This can be a host IP address, a network IP address, or an IP address range.
  - Branch Office VPN tunnel that the traffic goes through.
- Custom address — Defined by a user or group, address, and Firebox interface. This type lets you specify the address, and set two other conditions that traffic must meet in order to match the address. With a custom address, you can specify these conditions for traffic:
  - A user or a group member
  - An IP address. This can be a host IP address, a network IP address, or an IP address range.
  - The interface where the traffic passes through the Firebox.
    - If the custom address is in the From list, this is the interface where the traffic enters the Firebox.
    - If the custom address is in the To list, this is the interface where the traffic exits the Firebox.
- Device Group — A device group for Mobile Security. This includes Any-Mobile, Any-Android, and Any-iOS.
- Another alias
- An authorized user or group
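The custom address conditions described above can be modeled as a three-way match. This is an added example, not Fireware code: the `Traffic` and `CustomAddress` names and fields are assumptions, and it assumes a From-list entry is compared with the source IP and a To-list entry with the destination IP.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Traffic:
    """Constructed traffic record; field names are assumptions of this model."""
    src: str
    dst: str
    in_if: str                 # interface where the traffic enters the Firebox
    out_if: str                # interface where the traffic exits the Firebox
    user: Optional[str] = None
    groups: frozenset = frozenset()

def ip_matches(spec: str, ip: str) -> bool:
    """spec is a host IP, a network in CIDR form, or a 'low-high' range."""
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        low, high = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return low <= addr <= high
    return addr in ipaddress.ip_network(spec, strict=False)

@dataclass(frozen=True)
class CustomAddress:
    principal: str             # user name or group name
    address: str               # host, network or range
    interface: str             # Firebox interface alias

    def matches(self, t: Traffic, side: str) -> bool:
        """side is 'from' or 'to': the policy list that holds this entry."""
        if side == "from":     # From list: the interface where traffic enters
            ip, iface = t.src, t.in_if
        elif side == "to":     # To list: the interface where traffic exits
            ip, iface = t.dst, t.out_if
        else:
            raise ValueError("side must be 'from' or 'to'")
        who = self.principal == t.user or self.principal in t.groups
        # All three conditions must hold, or the entry does not match.
        return who and iface == self.interface and ip_matches(self.address, ip)

# Constructed sample: Sales group, 10.0.1.0/24, Trusted interface.
SALES = CustomAddress("Sales", "10.0.1.0/24", "Trusted")
ALICE = Traffic("10.0.1.50", "203.0.113.10", "Trusted", "External",
                user="alice", groups=frozenset({"Sales"}))

if __name__ == "__main__":
    print(SALES.matches(ALICE, "from"))   # all three conditions hold
    print(SALES.matches(ALICE, "to"))     # destination and exit interface differ
```

The same entry gives a different result in the From list and the To list, which is worth checking when a policy that uses a custom address does not match the traffic you expect.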