Contents

Add New Members to a Policy

In a firewall policy, you can add members to the From (source) and To (destination) lists.

You can add these objects as members of a policy

  • Alias — A shortcut that identifies a group of members. An alias can include any of the other member types. For more information, see About Aliases
  • Host IP address
  • Network IP address
  • A range of host IP addresses
  • Wildcard IPv4 address
  • Host Name (DNS Lookup) — A one-time DNS lookup is performed on the host name and resolved IP address is added to the policy.
  • FQDN — Performs forward DNS resolution and analyzes DNS replies for the specified FQDN (includes wildcard domains). Resolved IP addresses from the primary domain and any subdomains are added to the alias.
    For more information on how to use FQDN in policies, see About Policies by Domain Name (FQDN).
  • Tunnel address — Defined by a user or group, address, and name of the tunnel. This type lets you specify the address, and set two other conditions that traffic must meet in order to match the address. With a tunnel address, you can specify these conditions for traffic:
  • User or member of a group.
  • IP address. This can be a host IP address, a network IP address, or an IP address range.
  • Branch Office VPN tunnel that the traffic goes through.
  • Custom address — Defined by a user or group, address, and Firebox interface. This type lets you specify the address, and set two other conditions that traffic must meet in order to match the address. With a custom address, you can specify these conditions for traffic:
  • A user or a group
  • An IP address. This can be a host IP address, a network IP address, or an IP address range.
  • The interface where the traffic passes through the Firebox.
  • If the custom address is in the From list, this is the interface where the traffic enters the Firebox.
  • If the custom address is in the To list, this is the interface where the traffic exits the Firebox.
  • Device Group — A device group for Mobile Security. This includes Any-Mobile, Any-Android, and Any-iOS.
  • Firewall user or group
  • SSLVPN user or group
  • L2TP user or group
  • Static NAT or Server Load Balancing action (as a policy destination only)
    For more information, see Configure Static NAT (SNAT).

Add Members to a Policy

See Also

About Aliases

Types of Firebox Authentication

Set Access Rules for a Policy

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search