Configure the Source and Destination in a Firewall Policy
Applies To: Cloud-managed Fireboxes
This feature is only available to participants in the WatchGuard Cloud Beta program.
In a firewall policy for a cloud-managed Firebox, you specify the source and destination of the connections the policy applies to. A connection must match both the source and destination for the policy to apply to that traffic. For a Custom policy, you also select the traffic direction the policy applies to.
You can add these types of addresses as a policy source or destination:
- Aliases — A custom alias or a built-in alias
- Firebox Networks — The name of a Firebox network, such as Internal or External
- Firebox DB Group — A group in the Firebox database
- Firebox DB User — A user in the Firebox database
- Host IPv4 — The IPv4 address of a host
- Network IPv4 — The IPv4 address of a network
- Host Range IPv4 — A range of IPv4 addresses
- FQDN — A fully qualified domain name, such as *.example.com
For more information about custom and built-in aliases, see Configure Firebox Aliases.
For more information about Firebox DB users and groups, see Configure Firebox Database User Authentication.

- Add or edit a policy. For more information, see Configure Firewall Policies in WatchGuard Cloud.
- In the Source and Destination settings of the policy, click Add Source.
The Add Source Address dialog box opens.
- From the Type drop-down list, select the type of address to add.
- Type or select the address.
- Click Add.
- Repeat these steps to add any additional source addresses.

- Add or edit a policy. For more information, see Configure Firewall Policies in WatchGuard Cloud.
- In the Source and Destination settings of the policy, click Add Destination.
The Add Destination Address dialog box opens.
- From the Type drop-down list, select the type of address to add.
- Type or select the address.
- Click Add.
- Repeat these steps to add any additional destination addresses.

A Custom policy is appropriate for traffic between two private networks. For example, if your Firebox has two internal networks, you could add a Custom policy that applies to connections between hosts on the two networks.
All other firewall policy types apply only to connections from a source to a destination. A Custom policy can also apply to connections from the destination to the source.
In a Custom policy, select one of these options.
Bi-directional traffic (default)
Select this option if you want the policy to apply to connections between the source and destination regardless of which started the connection.
Source to destination only
Select this option if you want the policy to apply only to connections from a policy source to a policy destination.