Configure the Source and Destination in a Firewall Policy

Applies To: Cloud-managed Fireboxes

In a firewall policy for a cloud-managed Firebox, you specify the source and destination of the connections the policy applies to. A connection must match both the source and destination for the policy to apply to that traffic. For a Custom policy, you also specify the traffic direction the policy applies to.

[Screenshot: Source and Destination settings in a firewall policy]

You can add these types of addresses as a policy source or destination: 

  • Aliases — A custom alias or a built-in alias
  • Firebox Networks — The name of a Firebox network, such as Internal or External
  • Firebox DB Group — A group in the Firebox database
  • Firebox DB User — A user in the Firebox database
  • Group — A group in an Authentication Domain
  • User — A user in an Authentication Domain
  • Host IPv4 — The IPv4 address of a host
  • Network IPv4 — The IPv4 address of a network
  • Host Range IPv4 — A range of IPv4 addresses
  • FQDN — A fully qualified domain name, such as *.example.com
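The following Python sketch is an added example, not WatchGuard code. It models the rule that a connection must match both the source and the destination, using the IPv4 and FQDN address types from the list above. The entry notation (CIDR for networks, "first-last" for ranges), the any-entry-matches behaviour on each side, the wildcard handling, and all names and addresses are assumptions. Aliases, users, and groups are not modelled.

```python
import ipaddress
from fnmatch import fnmatchcase

def entry_matches(kind, value, ip, hostname=None):
    """Return True if one source or destination entry covers this endpoint."""
    addr = ipaddress.IPv4Address(ip)
    if kind == "Host IPv4":
        return addr == ipaddress.IPv4Address(value)
    if kind == "Network IPv4":
        # Assumed notation: CIDR, for example 10.0.1.0/24
        return addr in ipaddress.IPv4Network(value)
    if kind == "Host Range IPv4":
        # Assumed notation: "first-last", both ends inclusive
        low, high = (ipaddress.IPv4Address(p.strip()) for p in value.split("-"))
        if low > high:
            raise ValueError(f"range start is above range end: {value}")
        return low <= addr <= high
    if kind == "FQDN":
        # Assumption: the caller supplies the name the address was resolved from
        if hostname is None:
            return False
        return fnmatchcase(hostname.lower(), value.lower())
    raise ValueError(f"address type not modelled: {kind}")

def side_matches(entries, ip, hostname=None):
    # Assumption: an endpoint matches a side if any entry on that side covers it
    return any(entry_matches(kind, value, ip, hostname) for kind, value in entries)

def policy_applies(policy, src_ip, dst_ip, dst_host=None):
    # The rule from the page: source AND destination must both match
    return (side_matches(policy["source"], src_ip)
            and side_matches(policy["destination"], dst_ip, dst_host))

# Constructed sample policy (private and documentation address ranges)
POLICY = {
    "source": [("Network IPv4", "10.0.1.0/24"),
               ("Host Range IPv4", "10.0.2.10-10.0.2.20")],
    "destination": [("Host IPv4", "203.0.113.10"),
                    ("FQDN", "*.example.com")],
}

if __name__ == "__main__":
    for src, dst, host in [("10.0.1.5", "203.0.113.10", None),
                           ("10.0.3.5", "203.0.113.10", None),
                           ("10.0.2.15", "198.51.100.7", "www.example.com")]:
        print(src, dst, host, policy_applies(POLICY, src, dst, host))
```

The second sample connection reaches a listed destination but comes from an unlisted source, so the policy does not apply to it.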

For an inbound policy, you can also add a static NAT action as a policy destination. Static NAT (SNAT), also known as port forwarding, is a port-to-host NAT. You must add the static NAT action before you can add it as a policy destination. For more information, see Configure Firebox Static NAT Actions.

For more information about custom and built-in aliases, see Configure Firebox Aliases.

For more information about Firebox DB users and groups, see Configure Firebox Database User Authentication.

Before you can add an authentication domain user or group, you must add the authentication domain to WatchGuard Cloud, and then add it to the Firebox configuration. For more information, see:

See Also

Configure Firewall Policies in WatchGuard Cloud